mON  EXECUT 


THE  RESOUR 


k  * 


~J!!^!!^S^:i 


NO  TOOL  LIKE  AN  OLD  TOOL¬ 
TRANSFORMING  THE  PC  Page  89 


HOW  TO  KEEP  DATA  SAFE  AND  LEGAL 
WHEN  IT'S  SENT  OFFSHORE  Page  es 


CRITICAL 

DECISIONS 


oo  cio.com 


- 


Introducing  the  new  Microsoft  Office  System. 

Now  users  can  do  more  for  themselves  so  you  can  focus 
on  the  important  things.  More  than  just  the  core  suite 
you're  familiar  with,  the  new  Microsoft®  Office  System  is 
an  integrated  system  of  easy-to-use,  expanded  programs, 
servers,  services,  and  solutions  that  help  end  users  be 
more  self-sufficient.  With  Microsoft  Office  InfoPath™  2003, 
customer  defined  XML  and  web  services,  and  Microsoft 
Office  SharePoint™  Portal  Server  2003,  users'  documents 
and  forms  can  be  automatically  updated  with  the  latest 
information.  So  now  everyone  knows  they  have  the  most 
current  version,  minimizing  rework  and  data  reentry. 

And  less  busywork  for  them  means  even  less  busywork 
for  you.  To  find  out  how  the  Microsoft  Office  System 
can  work  for  you,  go  to  microsoft.com/officelT 


Microsoft 
Office  System 

More  than  what  it  used  to  be,  it's  now  a 
comprehensive,  customizable  system. 

Programs 

Servers 

Services 

Access  2003 

PowerPoint®  2003 

Project  Server  2003 

Live  Meeting 

Excel  2003 

Project  2003 

Live  Communications 

Office  Online 

Frontpage®  2003 
InfoPath™  2003 

OneNote™  2003 

Outlook®  2003 

Publisher  2003 

Visio®  2003 

Word  2003 

Server  2003 

Exchange 

Server  2003 

SharePoint™  Portal 
Server  2003 

Solutions 

Solution  Accelerators 

Enabling  Technologies: 

Windows  Server™  2003,  Windows®  SharePoint  Services, 
Rights  Management  Services 


Office 


* ' 


— — — .  . 


Mrse? 


No  one 


on 


L 


Great  Moments  at  Work. 


S3 


centrincr 


MOBILE 
TECHNOLOGY 


The  hardest 
thing 

about  getting 
wireless. . . 


IBM  recommends  Microsoft  Windows  XP  Professional  for  Business. 


Implementing  a  wireless  network  is  an  excellent  way  to  increase  your  employees’  efficiency  and  productivity  But  it 
can  seriously  backfire  if  they  can’t  even  get  online.  So  what  can  you  do?  Give  them  PCs  that  are  designed  to  really 
work  wirelessly  Select  IBM  ThinkPad  PCs  are  equipped  with  Intel®  Centrino™  Mobile  Technology  that  keeps  your 
employees  online  when  they’re  working  wirelessly.  And  Access  Connections  software  automatically  switches 
network  connections  for  your  employees  -  which  can  increase  productivity  per  user  by  up  to  20%t.  That  means 
less  IT  gridlock  -  and  much  more  time  for  IT  to  focus  on  your  business  strategy.  Learn  more  at  ibm.com/pc/think 

Think  mobility  ThinkCentre™ 

ThinkPad® 

ThinkVision™ 


VOL.  17  •  NO.  7  •  JANUARY  15.  2004 


Cover  Story 


Decisions  made  in  Washington  about  technology  determine  how  you  live  and 
do  business.  Here’s  what  you  need  to  know  to  be  a  participant,  not  a  spectator. 


ELECTION  2004 1  CRITICAL  DECISIONS 
Introduction  I  53 


The  Policies 

The  Next  President’s  IT  Agenda  I  54 

What  the  next  president  does  will  have  a  profound  impact  on 
IT  and  the  way  corporations  do  business.  Here  are  the  decisions 
he  needs  to  make  on  critical  infrastructure,  jobs,  privacy,  corporate 
governance  and  the  future  of  IT.  By  Ben  Worthen 

The  Candidates 

Where  the  Candidates  Stand  I  60 

The  president  of  the  United  States  should  understand  IT  and 
why  it’s  important  to  running  the  country.  Let’s  see  if  these 
men  and  women  do.  By  the  CIO  Staff 


4 


CIO  JANUARY  15,  2004  •  www .do .com 


The  right  management  should  do  more  than  just  protect. 

It  should  also  enable. 

eTrust™  Security  Management  Software 

With  eTrust  security  management  software,  your  information  isn't  just  safeguarded  from  internal  and  external  threats. 
We  provide  authorized  customers,  partners,  and  employees  with  appropriate  access  that  can  help  your  business  grow. 
In  addition  to  securing  data,  eTrust  also  provides  a  single  view  of  your  security  environment,  so  you  can  make  real-time 
decisions  based  on  comprehensive  information.  If  you're  looking  for  ways  to  minimize  risk  while  maximizing  your 
potential,  or  to  get  a  white  paper,  go  to  ca.com/security. 

Computer  Associates® 

©  2003  Computer  Associates  International,  Inc.  (CA).  All  rights  reserved. 


Features  continued 

OFFSHORE  OUTSOURCING 
How  to  Safeguard  Your  Data 
in  a  Dangerous  World  I  68 

The  mounting  pressure  to  save  money 
through  offshore  outsourcing  poses  a 
special  dilemma  for  CIOs  in  the  military- 
industrial  complex.  By  Stephanie  Overby 

ARCHITECTURE 
What  You  Need  to  Know 
About  Service-Oriented 
Architecture  I  78 

SOAs  promise  to  speed  development  and 
decrease  integration  time  and  effort — but 
only  if  you  implement  them  correctly. 

By  Todd  Datz 

Columns 

THE  EXCHANGE 

Five  IT  Marching  Orders  for 

the  Next  Administration  I  38 

While  CIOs  are  often  wary  of  government 
intervention  into  anything  IT,  when  it 
comes  to  a  few  major  issues  they  agree 
that  a  little  federal  attention  could  go  a 
long  way.  By  Martha  Heller 

TOTAL  LEADERSHIP 
Meet  the  New  Boss,  Not  the 
Same  as  the  Old  Boss  I  42 

How  to  handle  the  changes  under  a  new 
chief.  By  Patricia  Wallington 


ESSENTIAL  TECHNOLOGY 

Dawn  of  a  New  PC 

The  PC  is  about  to  get  a  much  needed 
face-lift.  Give  a  nip  here,  a  tuck  there, 
throw  in  a  speedier  processor,  an 
improved  system  bus,  better  displays 
and  seamless  wireless  connectivity,  and 
you’ve  got  a  next-generation  PC  that 
will  help  enterprises  leap  into  IT’s  new 
world.  But  does  IT  even  care? 

By  John  Edwards 


MAKING  I.T.  WORK 
What  Goes  On  Behind 
Your  Back  I  46 

Your  company  may  outsource  IT,  but 
your  business  units  will  build  their  own  IT 
systems  anyway.  Here’s  how  to  make  sure 
you  stay  in  the  loop.  By  Michael  Schrage 

Sections 

TRENDLINES  I  24 

Howard  Dean  profits  from  Web  cam¬ 
paign;  Campaign  2004  match  game; 
Science  fairs  grow  up;  Federal  CIOs: 
Vision  vs.  reality.  And  more 

BY  THE  NUMBERS  I  30 

The  growing  importance  of  Internet 
purchasing. 

WASHINGTON  WATCH  I  34 

Training  is  key  to  keeping  jobs  in  U.S. 


“Don’t  delude  yourself  into  thinking  your  job  might 
not  change.  A  new  boss  will  almost  always  bring  a 
new  set  of  expectations  and  priorities.” 

-Patricia  Wallington,  Total  Leadership  columnist,  on  dealing  with  a  new  boss  Page  42 


89 


ESSENTIAL  TECHNOLOGY  I  89 

PCs  are  faster  and  fancier.  And  thin  is  in. 
By  John  Edwards 

UNDER  DEVELOPMENT  I  94 

Carnegie  Mellon’s  CyLab  combines  experts 
into  an  information  security  powerhouse. 
By  Christopher  Lindquist 

PUNDIT  I  96 

Microsoft’s  next  version  of  Windows 
promotes  the  evolution  of  client/server. 

By  Eric  Knorr 

In  Every  Issue 

FROM  THE  EDITOR 
Political  Pressure  I  12 

CIOs  have  plenty  to  contribute  to  the 
policy-making  process,  starting  with 
their  vote.  By  Elana  Varon 

INBOX  I  14 

Reader  feedback 

BOARD  OF  ADVISERS  I  21 

When  we  don’t  know,  this  is  who  we  ask. 

INDEX  I  98 

EXECUTIVE  SUMMARY  I  100 

Abstracts  of  all  the  feature  stories  found 
in  this  issue. 


The  Business  Objects  logo,  Crystal  Decisions,  and  the  Crystal  Decisions  logo  are  trademarks  or  registered  trademarks  of  Business  Objects  SA.  ©2004  Business  Objects  SA.  All  rights  reserved. 


$  1  !  t 

into  i 


iio  nee 


is  now 

clear. 


Crystal  dear. 

crystal  decisions™  Business  Objects  has  acquired  Crystal  Dedsions.®  Two  business  intelligence  software 
leaders  are  now  one.  One  complete  suite  of  business  intelligence  software  on  a  common  infrastructure. 
One  global  service  and  support  team.  All  backed  by  the  worldwide  market  leader  in  business  intelligence 
with  24,000  customers  and  the  largest  R&D  organization  in  the  industry. 

The  result?  By  working  with  one  vendor,  one  infrastructure,  and  one  support  team,  you'll  spend  less  time 
having  to  deploy,  integrate,  and  administer  your  business  intelligence  software.  And  more  time  using  it  to 
better  track,  understand,  and  manage  your  business  to  improve  your  enterprise  performance. 

To  leam  more  about  the  new  Business  Objects  and  to  register  for  our  global  launch  events,  "The  Future  of 
Business  Intelligence ,"  visit  www.businessobjects.com/clear.  We'll  make  everything  crystal  clear. 


Business  Objects1 

The  business  intelligence  standard. 

Global  Launch  Events:  Atlanta  •  Baltimore  •  Bogota  •  Boston  •  Buenos  Aires  •  Charlotte  •  Chicago  •  Cincinnati  •  Cleveland  •  Dallas  •  Denver  •  Detroit  •  Hartford  •  Houston  •  Indianapolis  •  Kansas  City  •  Los  Angeles 
Madison  •  Mexico  City  •  Miami  •  Minneapolis  •  Montreal  •  New  York  •  Philadelphia  •  Phoenix  •  Pittsburgh  •  Richmond  •  Salt  Lake  City  •  San  Francisco  •  Sao  Paulo  •  Seattle  •  St  Louis  •  Tallahassee  •  Toronto  •  'Washington  DC 


>teatures 

from  January  15  to  January  31 


★  ★  ★  THE  ★  ★  ★ 

CANDIDATES 


Howard  Dean 


CAST  YOUR  VOTE 

What  Are  the  IT  Issues? 

There’s  a  long  10  months  of  campaigning  ahead,  and 
in  The  Next  President’s  IT  Agenda  (Page  54),  we’ve 
captured  the  issues  and  the  candidates  as  they  stand 
at  this  point  in  the  race.  We’ve  also  compiled  how 
your  peers  in  the  CIO  Best  Practice  Exchange  lean 
when  it  comes  to  whether  the  government  should  be 
more  involved  in  the  reporting  of  financial  informa¬ 
tion  (64  percent  said  yes)  and  whether  it  should 
develop  standards  for  corporate  cybersecurity 
(54  percent  said  yes).  Now  you  can  cast  your  own 
vote— we’ve  put  the  same  questions  online  so  that 
you  can  gauge  your  peers’  interest  in  the  issues  in 
real-time.  Go  to  the  online  version  of  this  article  to 
find  the  Presidential  IT  Issues  Poll. 

ADD  A  COMMENT 

Which  Candidate  Wins  with  You  So  Far? 

Of  all  these  candidates,  who’s  going  to  be  good  for  IT?  Who’s  going 
to  be  good  for  the  country?  Who’s  going  to  be  good  for  you?  This 
isn’t  a  dinner  party  or  a  gathering  with  your  in-laws,  so  go  ahead 
and  talk  politics.  Find  the  ADD  A  COMMENT  section  at  the  end  of 
each  online  profile  of  the  candidates. 


Our  Daily  Web 

MONDAY  Tech  Tact 

Technology  Editor  Christopher 
Lindquist  covers  what’s  coming. 

TUESDAY  Quick  Poll 

Vote  with  your  mouse,  and  see  how 
other  IT  leaders  feel  about  current 
events. 

WEDNESDAY  Metrics 

Web  Writer  Jon  Surmacz  makes 
sense  of  the  numbers. 

THURSDAY  Sound  Off 

Web  Editorial  Director  Art  Jahnke 
opines  on  managerial,  political  and 
ethical  dilemmas. 

FRIDAY  The  Big  Picture 

Charts  and  graphs  that  are  worth  a 
thousand  words. 

EVERY  WEEKDAY  The  News 

We  synthesize  the  top  IT  news 
stories  of  the  day. 


Keep  Up  with  Free 
CIO  Newsletters 

In  How  to  Safeguard  Your  Data  in 
a  Dangerous  World  (Page  68),  we 
cover  defense  contractors  that 
are  often  prohibited  by  law  from 
outsourcing  due  to  security 
reasons.  This  is  a  new  minefield 
for  defense  IT.  If  staying  on  top  of 
the  latest  in  security  is  a  top-of- 
mind  issue  for  you  too,  keep  up 
with  our  free  newsletter  “Security 
and  Privacy  Update."  It  brings 
you  security  coverage  from  C/O, 
its  sister  publications  and  the 
larger  world.  To  sign  up,  go  to 
www.cio.  com/newsletters . 


8 


CIO  JANUARY  15.  2004 


www.cio.  com 


YOU’D  JUMP  ATTHE  CHANCE 
TO  MANAGE  ALL  REPORTING 
WITH  A  SINGLE  PRODUCT. 

SO  WHY  ARE  YOU 
STILL  SITTING  THERE? 


COGNOS  REPORTNET. 
THE  NEW  STANDARD. 


See  enterprise  reporting  for  what  it  really  is. 

A  strategic  advantage. 

Introducing  Cognos  ReportNet.™ 

The  only  solution  comprehensive  enough 
to  standardize  all  your  enterprise  reporting. 

From  customized  queries  to  production.  On  a  single  product. 

Built  on  a  zero-footprint,  open  architecture  created  specifically  for  the  Web. 
Designed  to  meet  the  needs  of  a  global  enterprise. 

It’s  a  key  part  of  a  comprehensive  Business  Intelligence  solution. 

Take  the  first  step  toward  managing  performance. 


Copyright  ©  2003  Cognos  Incorporated.  All  rights  reserved. 


AVAVA 

a  higher  plane 
of  communication 


WHEN  TAKING  YOUR  COMPANY  on  the  IP  telephony 

road,  the  right  traveling  companion  is  essential. 

Avaya  Global  Services  will  not  only  get  you  going  in 

the  right  direction,  but  we’ll  guide  you  the  whole 

way.  For  starters,  we  develop  a  comprehensive 

network  plan  that  includes  a  multivendor, 

multitechnology  IP  readiness  assessment. 

This  tells  us  what  we  need  to  know  to  help 

you  avoid  surprises  during  implementation  and 

maximize  security.  We’ll  get  you  up  and  running 

easily  and  seamlessly.  And  you  can  continue  to 

count  on  Avaya  Global  Services  to  manage  and 

constantly  monitor  your  entire  network,  using 

EXPERT  Systems5"  Diagnostic  Tools,  for  example, 

that  remotely  resolve  96%  of  all  system  alarms* 

Go  with  Avaya,  and  your  competitors  will  be 

eating  your  dust.  Visit  www.avaya.com/sidecar 

or  call  866-GO  AVAYA. 

IP  Telephony 

Contact  Centers 

Unified  Communication 

Services 

With 

AVAYA  GLOBAL  SERVICES 


at  your  side,  migration  to  IP  telephony  can  be  a 

SMOOTH  RIDE. 


’Alarms  on  Avaya  DEFINITY  ®  Systems  and  later  releases  of  Avaya  telephony  software.  ©  2004.  Avaya  Inc.  All  Rights  Reserved.  Avaya,  the  Avaya  Logo,  and  all  trademarks  identified  by  <8>  or 7M  are  trademarks  of 

A Inc  and  mav  he  ronistfireH  in  certain  iurlsdictinns  All  other  tratiemnrks  are  the  nronertv  of  their  reSDective  owners. 


From  the  Editor 


In  “The  Next  President’s  IT 
Agenda”  (Page  54),  we 
report  results  from  a  survey 
of  the  CIO  Best  Practice 
Exchange  members  on  IT 
policy  questions.  You  can 
cast  your  vote  on  the  same 
questions.  Go  online  to 
www.cio.com/issuespoll  to 
let  your  voice  be  heard  in  the 
Presidential  IT  Issues  Poll. 


Political  Pressure 


THAT  INFORMATION  TECHNOLOGY  is  not  a 

hot-button  political  issue  in  this  year’s  election 
shouldn’t  surprise  anyone.  Politicians,  like  the 
rest  of  us,  are  driven  by  what  they  can  measure, 
and  basic  data  barely  exists  upon  which  they  can 
take  a  stand  on  IT  issues.  The  Census  Bureau, 
which  gathers  most  of  the  data  on  U.S.  business 
activity,  requested  funds  for  the  first  detailed 
annual  survey  of  corporate  IT  expenditures  only 
last  year. 

Furthermore,  there  isn’t  an  obvious  constituency 
for  technology  policy  the  way  there  is  for  and 
against  gun  control.  The  voice  listened  to  most 
often  on  any  IT  issue  is  that  of  vendors,  whose 
views  are  shaped  by  what’s  best  for  their  business. 
If  those  views  happen  to  align  with  your  business 
or  the  public  good,  you  get,  as  the  consultants 
would  say,  some  nice  synergy  there. 

What  this  means  is  that  a  lot  of  policy  decisions 
that  affect  how  we  buy,  sell,  use  (and  are  used  by) 
IT  have  been  made  without  much  notice,  and  even 
less  input,  from  most  of  us.  As  Staff  Writer  Ben 


Worthen  tells  us  in  “The  Next  President’s  IT 
Agenda”  on  Page  54,  we  ignore  the  politics  of  IT 
at  our  own  peril.  There’s  no  question  that  the  next 
president  will  chart  the  course  of  IT  for  years  to 
come.  There  is  only  the  question  of  whether  those 
decisions  will  be  to  our  benefit  or  detriment.  Will 
they  keep  our  country  secure?  Help  your  company 
prosper?  Protect  our  privacy? 

As  an  expert  in  the  uses,  abuses,  promises  and 
failures  of  IT,  you  have  plenty  to  contribute  to  the 
policy-making  process,  starting  with  your  vote. 
Turn  to  “Where  the  Candidates  Stand”  (Page  60) 
to  find  out  what  our  team  of  writers  and  editors 
discovered  about  this  year’s  contenders’  top  IT  pol¬ 
icy  views.  Factor  that  information  into  your  vote, 
whether  in  the  primaries  this  winter  and  spring  or 
the  final  election  Nov.  2. 

But  don’t  stop  there.  Weigh  in  on  regulations 
and  legislation.  Get  to  know  your  congressman 
and  senators — whether  it’s  as  a  CIO  representing 
your  company  or  as  a  citizen  with  an  expert  opin- 


evaron@cio.com 


1  2 


CIO  JANUARY  15,  2004 


www.cio.com 


PHOTO  BY  FURNALD/GRAY 


Would  You  Bet  Your  Business 

On  This? 


Millions  do.  Yet  when  disaster  happens,  your  system 
of  offsite  storage  and  recovery  may  prove  slow  and 
unreliable.  While  waiting  days  to  recover  data,  business 
losses  just  keep  piling  up. 

Ready  RecoverySM,  from  Berbee®,  is  the  21st  century 
alternative  to  data  recovery.  It  continuously  mirrors 
your  core  business  systems  -  every  minute  of  every 
day.  When  disaster  strikes,  Ready  Recovery  is  ready  to 
bring  your  mission-critical  systems  back  up  in  a  matter 
of  minutes.  With  no  lost  data,  time,  or  business.  Ready 
Recovery  is  a  flexible  and  affordable  solution  that  lets 
you  protect  the  systems  you  can  least  afford  to  lose  like 
eCommerce,  member/customer  data,  file  servers, 
email,  and  other  mission-critical  systems. 

Tape  can  save  your  data,  but  Ready  Recovery  can 
save  your  business.  And  it’s  only  available  from  Berbee. 
For  more  information,  contact: 


BERBEE® 


Berbee  Information  Networks  Corporation 
888.888.8835  •  www.berbee.com/ready50 


IBM,  xSP  Prime  Hosting  and  associated  logos  are  trademarks  of  IBM  Corporation  in  the  United  States,  other  countries, 
or  both.  This  IBM  Business  Partner  has  been  approved  for  the  IBM  xSP  Prime  Hosting  program  in  North  America. 


InBox 

Reader  Feedback 


THOUGHTS  ON  OBSTACLES  TO  A  CIO’S  SUCCESS 

Your  Oct.  1,  2003,  editorial  (“The  Greatest  Threat  to  CIO  Success")  asked  an  important 
question:  Does  the  growing  imbalance  between  demand  and  resources  pose  the  greatest 
threat  to  CIO  effectiveness? 

I  answer  from  the  point  of  view  of  one  concerned  about  data,  that  ethereal  stuff  that  the 
business  actually  uses  to  create  value  for  customers.  Since  IT  helps  collect,  store,  manipulate, 
process  and  make  that  data  available,  this  point  of  view  provides  a  unique  perspective. 
Data,  it  seems,  can  (indeed,  should)  bridge  the  gap  between  IT  and  the  business. 

Unfortunately,  from  this  perspective,  the  gap  is  enormous.  Many  businesspeople— 
perhaps  even  most— view  their  IT  counterparts  with  skepticism.  It’s  not  hard  to  see 
why.  The  litany  of  failures,  many  of  them  spectacular,  is  fresh  in  their  minds.  For  many 
companies,  data  warehousing,  data  mining  and  ERP  initiatives  have  all  failed  to  live  up  to 
expectations.  The  latest  is  CRM. 


Indeed  the  biggest  success  has  been 
Y2K  remediation,  a  success  that  stemmed 
from  the  failure  of  a  previous  generation 
of  IT  managers  and  came  at  an  enor¬ 
mous  cost.  Now  CIOs  complain  that 
their  budgets  aren’t  growing  fast  enough 
and  that  business  leaders  have  compet¬ 
ing  priorities.  This  has  been  the  reality 
for  virtually  all  business  departments  for 
20  years  or  more.  There  are  too  many 
customers  with  too  many  needs,  many 
of  them  conflicting. 

Business  departments  have  grown 
accustomed  to  doing  more  with  less. 
Budget  cuts  can  be  capricious.  But,  over 
the  long  haul,  those  delivering  the  most 
value  enjoy  the  bigger  budgets.  And 
those  who  fail  to  deliver  suffer.  CIOs 
may  well  miss  out  on  yet  another  oppor¬ 
tunity  to  hear  what  the  business  is  really 
telling  them.  Thus,  the  biggest  threat  to 
CIO  effectiveness  is  not  the  growing  gap 
between  demand  and  resources.  It  is  that 
technology  people  still  don’t  understand 
what  the  business  needs,  don’t  listen  well 
enough  to  learn  and  don’t  seem  to  care. 

Tom  Redman 
President,  Navesink  Consulting  Group 
tomredman@dataqualitysolutions.com 


Thank  you  for  raising  the  questions 
on  strategy,  IT  alignment  and  CIO 
effectiveness. 

I  concur  with  you  that  CIOs  have  a 
unique  opportunity  to  lead  an  IT-enabled 
business  strategy  and  make  transforma¬ 
tional  changes.  That  should  not  be  a 
stretch  at  all  if  the  focus  is  to  identify 
and  reform  cross-functional  processes 
that  affect  the  bottom  line  and  ensure 
sustainable  growth.  In  the  progressive 
CIO  paradigm,  CIO  effectiveness  would 
be  a  factor  of  the  enterprise’s  capacity  to 
respond  to  business  needs  and  market 
volatilities,  of  which  IT  is  an  integral 
part  with  a  definitive  measurable  impact 
on  the  business.  CIO  effectiveness  would 
not  be  a  measure  of  IT’s  ability  to 
respond  to  conflicting  demands  from 
different  business  units.  Business  units 
with  the  biggest  clout  can  consume  the 
largest  portion  of  IT  resources,  while 
others  that  might  make  a  greater  impact 
on  the  business  bottom  line  can  be  left 
in  oblivion. 

It  is  a  mistake  to  talk  of  IT  gover¬ 
nance  when  the  basic  issue  is  the  cre¬ 
ation  of  an  integrated  business  strategy. 
I  wonder  why  we  do  not  talk  about 


finance,  operations,  and  sales  and  mar¬ 
keting  governance.  Perhaps  it  is  because 
we  have  ignored  your  observation  that 
enterprises  are  rarely  viewed  in  cross¬ 
functional,  process-oriented  ways,  and 
that  CIOs  are  uniquely  positioned  to 
have  such  a  perspective. 

The  time  has  come  for  progressive 
CIOs  to  take  their  proper  seat  at  the 
management  table. 

Anonymous 

CORRECTION 

We  incorrectly  identified  three  photo 
subjects  in  “Why  Three  Heads  Are  Bet¬ 
ter  than  One”  (Dec.  1,  2003).  The  photo 
on  Page  94  shows  (left  to  right):  Brian 
Ferrier,  store  director  of  Giant  Eagle’s 
South  Euclid,  Ohio,  supermarket;  Jack 
Flanagan,  executive  VP  of  Giant  Eagle 
business  systems;  and  Russ  Ross,  senior 
VP  of  IS  and  CIO  at  Giant  Eagle. 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to 
letters@cio.com.  Letters  may  be  edited  for 
length  or  clarity.  For  a  link  to  the  article 
mentioned,  go  to  www.cio.com/printlinks. 

cio.com 


14  CIO  JANUARY  15,  2004  •  www.cio.com 


The  Lowest  Total  Cost  of  Ownership. 

(Up  to  50%  less  than  other  color  printers  in  the  industry.  Source:  ARS,  Inc.) 


The  Kyocera  Mita  FS-C5016N  Color  Printer 

•  4. 54  Per  Color  Page  (3.54  Lower  Than  Industry  Avg.) 

•  17  ppm  Brilliant  600  DPI  Color 

•  Smallest  Desktop  Footprint  in  Industry 

•  Fully  Networkable  /  Embedded  Wireless 

•  Crisp  B&W  /  Below  Industry  Average  Cost 


The  New  Value  Frontier 

eg  i<y  DCERa 


mita 


KYOCERA  MITA  AMERICA,  INC. 

©2003  KYOCERA  MITA  AMERICA,  INC.  "PEOPLE  FRIENDLY"  AND  ALL  ELEMENTS  OF  THE  KYOCERA  MITA  LOGO  ARE  THE  TRADEMARKS  OF  KYOCERA  MITA. 

ARS  INC.  IS  A  GLOBAL  MARKET  INTELLIGENCE  FIRM  SPECIALIZING  IN  THE  DAILY  TRACKING  AND  ANALYZING  OF  PRINTERS  AND  IMAGING  PRODUCTS. 


BY  NOON,  THE  IT  DEPARTMENT  WILL  BE 
ALERTED  TO  750  DIFFERENT  PROBLEMS. 


ONE  OF  THEM  WILL  LOSE  115 
ONLINE  RESERVATIONS  A  MINUTE. 


CAN  YOUR  SOFTWARE  TELL  YOU  WHICH  ONE? 


Business  Service  Management  solutions  from  BMC  Software®  the  delivery  of  vital  business  services  like  online  transactions, 

can.  They  automatically  prioritize  IT  management  issues  sales,  customer  service,  logistics  and  distribution — whatever 

according  to  business  importance  and  alert  you  before  is  most  critical  to  your  company's  success.  It's  enterprise 

potential  problems  can  impact  performance.  They  also  let  management  software  that  works  with  your  existing  IT 
you  prioritize  IT  investments  and  resource  allocations  to  resources  to  let  you  manage  what  matters  from  a  business 

optimize  your  business  results.  So  you  can  solidly  align  your  perspective  and  execute  with  precision.  Find  out  how  at 

IT  investments  with  strategic  business  goals.  And  protect  www.bmc.com/bsm21 

<bmcsoftware 


The  Resource  for  Information  Executives 


President  Walter  Manninen 
Publisher  Gary  J.  Beach 

Editorial  Director  Lew  McCreary 

EDITORIAL 

Editor  in  Chief  Abbie  Lundberg 
Deputy  Editor  Richard  Pastore 

Managing  Editor  David  Rosenbaum 
Managing  Editor,  Production  Cheryl  R.  Asselin 

Executive  Editors  Alison  Bass,  Michael  Goldberg, 
Christopher  Koch 

Leadership  and  Management  Editor  Edward  Prewitt, 
Opinion  and  Knowledge  Management  Editor  Megan 
Santosus,  Research  Editor  Lorraine  Cosgrove  Ware, 
Special  Projects  Editor  Mindy  Blodgett,  Technology 
Editor  Christopher  Lindquist 

Senior  Editors  Scott  Berinato,  Todd  Datz, 

Alice  Dragoon,  Elana  Varon 

Features  Editor  Late  Low 

Senior  Writers  Meridith  Levinson,  Stephanie  Overby 

Staff  Writer  Ben  Worthen 
Copy  Chief  Tom  Wailgum 

Asst.  Managing  Editor,  Production  Kathleen  S.  Carr 

Copy  Editors  Emily  S.  Henderson, 

Sarah  Johnson  (Assoc.) 

Special  Projects  Manager  Lynne  Z.  Rigolini 
Editorial  Resource  Manager  Carol  Zarrow 
Editorial  Assistant  Daniel  J,  Horgan 
Editorial  Operations  Specialist  Julie  Hanson 

Contributors  John  Edwards,  Grant  Gross,  Eric  Knorr, 
Michael  Schrage,  Patricia  Wallington 


How  to  Reach  Us 

E-mail  letiers@cio.com 
Phone  508  872-0080 
Fax  508  879-7784 

Address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.0.  Box  9208, 

Framingham,  MA  01701-9208 

Website  www.cio.com 

Topic  Experts  www.cio.com/online_beats2.html 

Subscriber  Services  866  354-1125,  Fax  847  564-9453, 
E-mail  cio@omeda.com 

Reprint  Services  Jackie  Day  •  651  582-3856, 

E-mail  cioreprints@rsicopyright.com  (500  quantity  or  more) 

Rights  and  Permission  Andrew  Burrell  •  508  935-4785, 
E-mail  aburrell@cxo.com 


DESIGN 

Executive  Director,  Art  and  Design  Mary  Lester 
Art  Directors  Hana  Barker,  Terri  Haas,  Lisa  Munroe 
Associate  Art  Director  Owen  Edwards 
Senior  Designers  Kaajal  S.  Asher,  George  Lee 
Designer  Alberto  Capolino 
Design  Operations  Specialist  Rachel  Barnett 

ONLINE  EDITORIAL 

Web  Editorial  Director  Art  Jahnke 
Consulting  Editor  Janice  Brand 
Web  Editor  Sandy  Kendall 
Web  Writer  Jon  Surmacz 

ONLINE  &  INFORMATION  SYSTEMS 

Chief  Information  Officer  Mark  Hall 

Online 

Senior  VP/General  Manager,  Online  Tim  Horgan 
Online  Technology  Director  Dagmar  Eiben 
Senior  Web  Developer  Ellen  Morey 
Director  of  Online  Research  Kathleen  Kotwica 
E-Commerce  Manager  Andrew  Burrell 
Web  Developers  Diane  Chen,  Shannon  Macdonald 
Online  Content  Researcher  Tara  Gillet-Liloia 
Designer  Graham  White 

Information  Systems 

Infrastructure  Manager  James  C.  Burgoyne 

User  Services  Manager  Ron  Bettencourt 

Senior  User  Services  Specialists  Jonathan  Frappier, 
Michael  Fahlsing 

System  Administrator  Robert  Reagan 

CIRCULATION 

Senior  VP/Circulation  Carol  A.  Spach 
Circulation  Director  Faith  Marcello 
Subscription  Svcs.  Supervisor  Tina  Pescara 

PRODUCTION 

VP/Manufacturing  Chris  Cuoco 
Production  Manager  Lee  Tuttle 
Senior  Production  Coordinator  Lisa  Stevenson 

EXECUTIVE  PROGRAMS 

EP  Senior  Vice  FYesident  Jennifer  Richards 
Conference  Management  Vice  President  Cynthia  Mollus 
Marketing  Services  Director  Shellie  Rapson  James 
Business  Development  VP  John  Amato 
Program  Operations  Manager  Brian  Fuce 
Marketing  Manager  Glede  Kabongo 


Marketing  Services  Coordinator  Andrea  Slobogan 
Event  Development  Specialist  Sandra  J.  Hughey 
Operations  Coordinator  Michael  Barbato 
Event  Planning  Manager  Amy  Turell 
Senior  Customer  Services  Coordinator  Sarah  Yee 

CIO  EXECUTIVE  COUNCIL 

General  Manager  Mark  Hall 
Director  Martha  Heller 

Program  Managers  Mindy  Hogan,  David  Parker 

Operations  Assistant  Lisa  Byron 

MARKETING 

Executive  VP/Marketing  Cathy  O'Leary  Hayes 
VP/News  and  Information  Susan  Watson 
Media  Relations  Manager  Karen  Fogerty 
News  and  Information  Associate  Lori  Piscatelli 
Marketing  Research  Director  Bridget  Cammarata 
Marketing  Research  Manager  Carolyn  Johnson 
Sr.  Marketing  Research  Analyst  Dylan  DiGregorio 
Marketing  Comm.  Director  Sue  Yanovitch 
Sr.  MarCom  Development  Specialist  Kari  Curto 
Marketing  Comm.  Associate  Sarah  Crowley 

ADMINISTRATION 

Manager  of  Finance  Margarita  Chiango 
Finance  and  Operations  Analyst  Chris  Bernardi 
Executive  Assistant  to  the  President  Diane  Martin 
Billing  Administrator  Joyce  Gillis 
Facilities  Specialist  John  Kelley 
Office  Services  Coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

Human  Resources  Vice  President  Patricia  Chisholm 
Human  Resources  Manager  Tanya  Bureau 
Human  Resources  Representative  Beth  S.  Ramistella 

FOUNDER 

Joseph  L.  Levy 


% 

CXO\MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

CEO  Pat  Kenealy 

Board  Chairman  Patrick  J.  McGovern 

WBPA 

▼  INTERNATIONAL* 

©CXO  Media  Inc. 


18  CIO  JANUARY  15,  2004 


www.cio.com 


Your  IT  budgets  and  staff  have  been  slashed, 


Fortunately  you  have  the  most  manageable 

video  conferencing  systems  in  the  world. 


With  IT  resources  scarcer  than  ever,  you  need  Polycom's  integrated  video  conferencing 
systems.  They're  user  friendly,  easy  to  upgrade,  manage  and  maintain.  Deployment  is 
virtually  "plug  and  play."  And,  monitoring  and  management  is  centralized.  It  all  adds  up 
to  a  great  ROI  for  your  team  and  your  company.  Join  the  millions  of  people  worldwide  that 
already  use  Polycom  and  The  Polycom  Office!"  With  integrated  video,  voice,  data,  and 
Web  applications,  The  Polycom  Office  makes  communicating  as  natural  as  being  there. 

For  more  information  and  your  free  white  paper  "Demystifying  IP  Migration"  visit 
www.polycom.com  or  call  1-877-POLYCOM.  Ask  about  the  outstanding  new  Polycom 
VSX™  7000  -  video  conferencing  like  you've  never  seen  it.  Polycom.  The  time  for 
manageable  video  conferencing  is  now. 


POLYCOM 


Connect.  Any  Way  You  Want. 


©2003  Polycom,  Inc.  All  rights  reserved  Polycom  and  the  Polycom  logo  are  registered  trademarks  and  VSX,  Polycom  Office 
and  the  SoundStation  industrial  design  are  trademarks  of  Polycom,  Inc.  in  the  U  S  and  various  countries. 


The  Dell/EMC  CX600 


The  Dell/EMC  CX400 


The  Dell/EMC  CX200 


Large  or  small,  your  company  can  have  a  flexible  storage  solution  from  Dell. 

As  you  can  see,  Dell  offers  a  variety  of  solutions  that  give  you  the  flexibility  to  grow. 
Complete  storage  solutions — including  software  and  services — that  deliver  maximum 
productivity  and  scalability. 

See  for  yourself  why  companies  from  small  business  to  the  Fortune  500  are  turning 
to  Dell/EMC  SAN  solutions.  Go  to  www.dell.com/SAN2  today  and  click  the  Storage 
Consolidation  ROI  Analyst  Tool. 


Compare:  Dell/EMC  Storage  vs.  HP  Storage 

Dell/ EMC  CX400 

HP/ EVA  3000 

DAS,  NAS  or  SAN 

Deployability 

NAS  or  SAN 

Fibre  Channel 
and  ATA 

Flexibility 

Fibre  Channel 

Only 

Up  to  13.4TB 

Scalability 

Up  to  8.2TB 

Up  to 

60  Storage  Pools 

Configurability 

Up  to 

16  Storage  Pools 

Features  as  of  6/16/03  and  are  subject  to  change. 

EMC2 


Complete  SAN  solutions  at  a  better  overall  value.  Easy  as 


DOLL 


Click  www.dell.com/SAN2  Call  1-866-664-6518 

toll  free 


Dell,  the  Del!  logo  and  PowerEdge  are  registered  trademarks  of  Dell  Inc.  EMC!  and  EMC  are  registered  trademarks  of  EMC  Corporation.  ©2003  Dell  Inc.  All  rights  reserved. 


Board  of  Advisers  2004 


c 


CIO  wishes  to  acknowledge  the  2004  Editorial  Advisory  Board  members  for  their  ongoing 
guidance  and  reality  check  of  the  magazine’s  content  and  focus.  We  thank  them  for  their 
generosity  in  sharing  their  insight  into  the  world  of  IT  leadership. 


GREGOR  BAILAR 

CIO 

Capital  One 
Falls  Church,  Va. 

MARCIA  BALESTRINO 

Senior  Vice  President 
and  CIO 

Girl  Scouts  of  the  USA 
New  York  City 

DOUG  BARKER 

CEO 

Barker  and  Scott 
Consulting 
Washington,  D.C. 

SHEILA  BEAUCHESNE 

CIO 

Blue  Green 
Boca  Raton,  Fla. 

WAYNE  D.  BENNETT 

Partner 

Bingham  McCutchen 
Boston 

MICHAEL  EARL 

Professor  of  Information 
Management,  Dean  of 
Templeton  College 
Oxford  University 
Oxford,  England 

PAUL  J.  GAFFNEY 

Executive  Vice  President 

and  CIO 

Staples 

Framingham,  Mass. 

JOHN  GLASER 

Vice  President  and  CIO 
Partners  Healthcare 
Boston 

JERRY  GREGOIRE 

Former  CIO  of  Pepsi 
and  Dell 
Austin,  Texas 


SCOTT  HEINTZEMAN 

CIO 

Carlson  Hotels 

Worldwide 

Minneapolis 

C.  LEE  JONES 

Chairman  and  CEO 
AmericasDoctor 
Gurnee,  Ill. 

RON  KIFER 

Vice  President  of 
Program  Solutions 
and  Management 
DHL 

Scottsdale,  Ariz. 

SUSAN  S.  KOZIK 

Executive  Vice  President 
and  CTO 
TIAA-CREF 
New  York  City 

CHUCK  LYBROOK 

Executive  Director 
The  Information 
Management  Forum 
Atlanta 

BUD  M ATHAISEL 

Corporate  Vice  President 
and  CIO 
Solectron 
Milpitas,  Calif. 

GEORGE  NEWSTROM 

Secretary  of  Technology 
Commonwealth  of 
Virginia 
Richmond,  Va. 

SHELEEN  QUISH 

Vice  President  of 
Corporate  Marketing 
and  Global  CIO 
U.S.  Can 
Lombard,  Ill. 

REBECCA  R.  RHOADS 

CIO 

Raytheon 
Lexington,  Mass. 


LARAINE  RODGERS 

President 

Arizona  Partnership  for 
Higher  Education  and 
Business 
Scottsdale,  Ariz. 

JIM  RYAN 

Executive  Vice  President 
of  Marketing  and  Sales 
W.W.  Grainger 
Lincolnshire,  Ill. 

THOMAS  T. 
SCHWANINGER 

Senior  Vice  President 
and  CIO 

American  Red  Cross 
Falls  Church,  Va. 

JAMES  F.  SUTTER 

Senior  Partner 
The  Peer  Consulting 
Group 

Newport  Beach,  Calif. 

RICHARD  W. 

SWANBORG  JR. 

President 

ICEX 

Boston 

PATRICIA  WALLINGTON 

President 
CIO  Associates 
University  Park,  Fla. 

ROBERT  P.  WEIR 

Vice  President  of 
Information  Services 
Northeastern  University 
Boston 

STEVE  WILLIAMS 

Senior  Vice  President 
and  CIO 
Mattress  Giant 
Addison,  Texas 


WHEN  IT  COMES  TO  SAN  SOLUTIONS. 

THE  NUMBERS 

SPEAK  FOR  THEMSELVES. 


Visit  www.dell.com/SAN2  and  go  to  the  Dell  Storage 
Consolidation  R0I  Analyst  Tool  for  a  free  business 
case  analysis  that  clearly  outlines  the  best  storage 
solution  for  you.  From  needs  and  deployment  to 
enterprise-level  services,  Dell's  comprehensive  storage 
consolidation  solution  will  help  you  determine  your 
organization's  exact  requirements,  and  help  simplify 
the  implementation. 

Or  call  1-866-664-6518  today  to  speak  with  a 
Dell  representative.  Together  you  can  assess 
your  situation  and  then  develop  a  cost-effective 
storage  solution  that  can  improve  both 
your  operations  and  your 
bottom  line. 


Easy  as 


MU 


Click  www.dell.com/SAN2 
Call  1-866-664-6518 

toll  free 


www.cio.com  •  JANUARY  15,  2004  CIO  21 


With  Fujitsu  on  board,  performance 
at  America  West  has  really  taken  off. 


When  America  West  set  out  to  become  a  leader  in 
low-fare  business  travel,  the  first  requirement  was 
to  improve  on-time  performance.  Every  department 
pitched  in,  and  the  results — for  customers,  employees 
and  shareholders — have  been  dramatic. 

One  key  contributor  was  the  airline’s  IT  department. 
By  replacing  older,  less  reliable  servers  with  new  high 
availability  servers  from  Fujitsu,  America  West 
reduced  technology  related  delays  by  over  75%. 


Now,  thanks  to  a  new  server  architecture  and  proactive 
managed  services  from  Fujitsu,  passengers  are  getting 
where  they’re  going  faster.  And  America  West  is  really 
going  places,  too. 

Visit  us.fujitsu.com/together  for  more  on  how  Fujitsu 
servers  and  managed  services  helped  America  West 
improve  on-time  performance. 

Working  together,  we  can  accomplish  anything. 


©  2003  Fujitsu.  All  rights  reserved.  America  West  and  the  America  West  logo  are  registered  trademarks  of  America  West  Airlines,  Inc. 


Fujrrsu 

THE  POSSIBILITIES  ARE  INFINITE 


us.fujitsu.com 


theNEWrheHOT  r/it>  UNEXPECT  E  D  -A.  M  ,  „  fll  ■  M  K-/ 

Edited  by  Michael  Goldberg 


ELECTION  2004 

Dean  Profits 
from  Web 
Campaign 


AMONG  DEMOCRATS  during  the  fall  run¬ 
up  to  the  presidential  primaries,  Howard 
Dean  won  front-runner  status  for  his  fearless 
firebrand  criticism  of  President  Bush’s  han¬ 
dling  of  the  Iraq  war.  But  even  if  the  former 
Vermont  governor  fails  to  seize  the  Demo¬ 
cratic  nomination  this  summer,  his  use  of 
the  Internet  has  added  a  new  rule  for  polit¬ 
ical  campaigns:  Make  sure  your  candidate’s 
website  drives  supporters  to  meet  each 
other — and  to  a  “click  to  donate”  button. 

From  April  1  to  Sept.  30,  Dean  collected 
$11  million  through  Internet  donations, 
including  110,786  online  donations  (total¬ 
ing  $7.4  million)  in  the  third  quarter  alone. 
Put  another  way:  During  that  time,  50  cents 
of  every  dollar  Dean  collected  came  from 


people  giving  via  his  website,  www.dean 
foramerica.com. 

Those  Internet  donations  have  helped 
Dean  lead  in  the  fund-raising  race  among  the 
nine  Democratic  candidates,  and  prompted 
him  in  November  to  bypass  public  financing 


of  his  campaign  and  the  spending  limits  that 
go  along  with  it.  As  of  Sept.  30,  Dean  had 
raised  $25.4  million,  ahead  of  Massachusetts 
Sen.  John  Kerry’s  $20  million. 

But  it’s  more  than  just  the  e-donations. 
Dean  has  exploited  the  Internet  as  a  two- 
way  medium,  using  his  website  to  generate 
volunteer  involvement  globally,  without 
campaign  intervention.  Volunteers  have 
signed  up  to  host  hundreds  of  parties  on 
the  first  Wednesday  of  each  month,  for 
example,  from  Burlington,  Iowa,  to 
Budapest,  Hungary,  to  solicit  support  for 
Dean  and  to  allow  supporters  to  schedule 
face-to-face  “meet  ups.”  It’s  all  organized 
online  using  website  software  from  Meetup, 
which  links  people  associated  by  interest  in 
topics  (from  goth  culture  to  gardening).  The 
Dean  website  links  to  Meetup’s  site  and 
sends  supporters  to  sign  up  for  gatherings 
or  to  start  a  new  venue. 

All  the  major  candidates  have  since 
started  using  Meetup  to  solicit  supporter 

Continued  on  Page  26 


itional  skills?  Being  a  good  gaietw^’  • 

,,  We  are  looking  to  recognize  the  best 
honor  of  Administrative  Prof  essronals  Day 

executive  assistant.  Write  an 

best  (be  sure  to  include  an 

subject  line  to  Michael 

include  your  telephone 


l  ASSISTANT?  Is  it  amazing  organize 

is  problems?  It’s  time  for  you  to  tell  us, 
nt  to  a  CIO  in  our  April  15th  issue  in  hoi 

I  too  words,  telling  us  why  *°“'a“^"contest”  inthe 

four  case).  Send  the  e-mat  v  andbesureto 

editor,  atmgoldberg@cro.com  by  Jan.  30,  and  D 

^s=sssss^mm~'“m' 


24  CIO  JANUARY  15.  2004  •  www.cio.com 


PHOTO  BY  AP/WIDE  WORLD  PHOTOS 


Faster  than  Verizon. 
Faster  than  Sprint  PCS. 
Faster  than  Cingular. 
Faster  than  T-Mobile. 
Faster  than  Nextel. 


For  the  fastest  way  to  open  large  e-mail  attachments  on 
a  national  wireless  network,  switch  to  AT&T  Wireless. 

It's  a  fact.  No  one  offers  a  faster  national  wireless  data  network  than  AT&T  Wireless  with  EDGE 
technology.  No  one.  With  average  speeds  of  100-130  Kbps,  bursts  of  up  to  200  Kbps  and  secure 
wireless  access,  you  can  browse  the  Internet  as  well  as  download  presentations,  documents  and 
spreadsheets  nearly  twice  as  fast  as  with  any  other  national  wireless  data  network.  We  work 
with  leading  IT  companies  to  help  you  get  more  out  of  the  technology  you  use  every  day,  across 
the  U.S.  High-speed  national  wireless  data  is  here.  And  no  one  is  faster  at  it  than  AT&T  Wireless. 
Call  1  888-DATA-288  or  go  to  attwireless.com/speed 


Access  the  fastest  national 
wireless  data  network  with 
an  easy-to-use  PC  card. 


Open  e-mail  attachments  at 
average  speeds  of  100-130  Kbps 
and  bursts  of  up  to  200  Kbps. 


Download  large  documents, 
presentations  and  reports 
in  just  seconds. 


Faster  data  speeds  from  more 
places  in  the  U.S.  than  with 
any  other  wireless  carrier. 


r  e  a  c  h  o  u  t 

on  the  wireless  service  America  trusts " 


AT&T  Wireless 


©2003  AT&T  Wireless.  All  Rights  Reserved.  Requires  credit  approval,  qualified  minimum  one-year  agreement  and  rate  plan,  and  compatible  EDGE  PC  modem  card.  Actual  download  speeds  depend  on  coverage,  network  availability  and  traffic, 
device,  applications,  tasks,  file  size  and  other  factors.  Comparison  based  on  published  speed  claims  of  national  mobile  wireless  data  networks.  Not  available  for  purchase  or  use  in  all  areas.  Coverage  is  subject  to  transmission  limitations  and  terrain, 
system,  capacity  and  other  limitations.  Secure  wireless  access  refers  to  the  authentication  and  encryption  features  available  on  the  AT&T  Wireless  network.  Additional  restrictions  apply.  Service  is  subject  to  Terms  and  Condrtions/Service  Agreement 
and  rate  plan  materials.  All  marks  used  herein  are  marks  of  their  respective  owners. 


m 


ELECTION  2004 

Match 
Game 2004 


^irendlines 


INDIVIDUALS  HAD  GIVEN  MORE  THAN  $177  MILLION  to  the  campaigns  of 
President  Bush  and  the  eight  major  Democrats  as  of  Sept.  30, 2003.  (See 
“Where  the  Candidates  Stand,”  Page  60,  for  their  positions  on  IT-related 
issues.)  Included  in  the  millions  were  $2,000  individual  donations— individuals 
are  limited  to  contributions  of  $2,000  to  each  candidate  in  the  primary  elec¬ 
tion— from  some  high-ranking  members  of  the  IT  industry.  Fill  in  the  blanks  to 
match  the  donors  with  their  candidates.  (Note:  Not  every  candidate  received 
money  from  someone  on  this  list.) 


Donors 

Candidates 

1.  Floyd  Duane  Ackerman,  CEO,  BellSouth 

Q  President  George  W.  Bush 

Gen.  Wesley  Clark 

2.  Craig  Barrett,  CEO,  Intel 

of  Arkansas 

©  Former  Vermont  Gov. 

3.  Carly  Fiorina,  Chairman  and  CEO, 

Howard  Dean 

Hewlett-Packard 

(»)  Sen.  John  Edwards 

of  North  Carolina 

4.  Gary  Forsee,  Chairman  and  CEO,  Sprint 

Q  Rep.  Richard  Gephardt 

of  Missouri 

5.  Bill  Gates,  Chairman,  Microsoft 

Q  Sen.  John  Kerry 

of  Massachusetts 

6.  Andrew  Grove,  Chairman,  Intel 

@  Sen.  Joseph  Lieberman 

of  Connecticut 

7.  Jeffrey  Heller,  President  and  COO,  EDS 

(J)  Former  Sen.  Carol  Moseley 

Braun  of  Illinois 

8.  Eric  Schmidt,  Chairman  and  CEO,  Google 

O  The  Rev.  Al  Sharpton 

of  New  York 

ANSWERS:  J  pue  3  ’8  ‘V  'L  ‘9  ’9  ‘V  -S  'V  V  ‘V  '£  '9  pue  v  Z  'V 1 

SOURCE:  Center  for  Responsive  Politics  (www.opensecrets.org) 

Web  Campaign 

Continued,  from  Page  24 


Matches.  Even  some  who  aren’t  declared  can¬ 
didates,  such  as  Hillary  Rodham  Clinton,  had 
wishful  supporters  signing  up  venues. 

Michael  Cornfield,  research  director  at  the 
Institute  for  Politics,  Democracy  &  the  Inter¬ 
net  at  George  Washington  University,  says 
that  President  Bush  is  the  campaign  money 
champ  so  far — collecting  $84.6  million  as  of 
Sept.  30 — but  it’s  largely  through  conven¬ 
tional  fund-raising  dinners.  Dean’s  use  of  the 
Internet  for  campaigning  could  signal  a  major 
shift  in  how  campaigns  are  run,  similar  to 
the  change  from  the  19th  century’s  party-run 
affairs  to  the  media-driven  contests  of  the  past 
century.  “We’re  going  from  the  age  of  mass 
media  to  the  age  of  networks,”  he  says. 

Clearly  Dean’s  campaign  has  a  resonant 
message,  observers  such  as  Cornfield  note. 
But  the  fact  that  Dean’s  website  encourages 
supporters  to  get  personally  involved  plays 
to  the  strength  of  the  Internet,  says  Larry 
Sabato,  a  political  science  professor  at  the 
University  of  Virginia.  “Instead  of  the  Inter¬ 
net  being  essentially  a  one-way  communica¬ 
tions  tool,  [the  Dean  tacticj  is,  ‘I’m  writing 
you,  and  I  need  your  input,”’  Sabato  adds. 

Phil  Noble,  founder  of  PoliticsOnline, 
which  offers  Internet  tools  for  political  cam¬ 
paigns,  says  Dean  has  changed  the  way 
politicians — and  businesses — have  to  think 
about  the  Internet,  whether  or  not  he  wins 
the  White  House:  Success  is  “about  interac¬ 
tivity — it’s  not  about  one-way  communica¬ 
tion,”  Noble  says.  “Most  campaigns — just 
like  most  companies — haven’t  realized  it.” 

Sabato  calls  the  Dean  Internet  strategy 
“well-managed  anarchy,”  adding  that  most 
companies  haven’t  learned  that  Internet  users 
want  to  interact.  “The  Internet  is  best  used 
not  for  advertising,  but  for  involvement.” 

-Grant  Gross 


ejobs  here  at 


doing  something  to 


The  government 


ul  "l  iTnul  »1 1  Ml  1  !-X-MB,hev  are  exporting  the 
ations  of  America’s  future  business  leaders. 

MARCUS  COURTNEY,  president  of  Washington  Ailiance  of  Technology  Workers 


2  6  CIO  JANUARY  15,  2004 


www.cio.com 


Customers  are  an  investment. 
Maximize  your  return. 


PeopleSoft  Customer  Relationship  Management  lets  you  capitalize  on  every  customer  interaction 
across  your  enterprise. 

Only  PeopleSoft  CRM  is  fast  to  implement,  easy  to  use,  and  delivers  smart  business  processes  for  managing 
your  customer  relationships.  It  integrates  real-time  information  across  your  organization  to  help  determine  the 
most  profitable  ways  to  manage  customers.  Simply,  PeopleSoft  CRM  turns  every  point  of  customer  contact 
into  a  profit  opportunity.  Learn  more  by  visiting  us  at  www.peoplesoft.com/realtime  or  call  1-888-773-8277 


PeopleSoft. 


Customer  Relationship  Management 


33  PeopieSofi,  Inc.  PeopleSoft  is  a  registered  trademark  of  PeopleSoft, 


trendlines 


INNOVATION 


Science  Fairs  Grow  Up 


An  international  competition  for  university  students  encourages 
entrepreneurs  and  unearths  innovations 


petition  designed  to  expose  commercially 
viable  ideas  to  the  outside  world  while  also 
teaching  students  valuable  lessons  about 
building  a  company. 

Doggett  and  Nichols  wanted  to  be  sure, 
however,  that  this  wasn’t  going  to  be  just 
another  business  plan  competition.  So  they 
laid  down  some  strict  rules.  The  technol¬ 
ogy  had  to  be  developed  on  campus.  It  had 
to  be  proven  to  work.  It  had  to  solve  a 
problem  for  a  market  of  reasonable  size. 
Intellectual  property  ownership  had  to  be 
worked  out  beforehand.  And  the 
teams  needed  to  include  a  busi¬ 
ness  student  and  a  law  student 
because,  Doggett  says,  in  the  real 
world,  engineers  can’t  work  in  a 
vacuum. 

The  first  competition  in  2001 
included  seven  teams.  The  2002 
event  drew  33.  And  2003  saw 
that  number  hit  82.  Now  the 
contest  has  gone  international, 
spreading  to  the  Georgia  Institute 
of  Technology,  Imperial  College 
London,  Penn  State  University, 
Purdue  University  and  Stanford 
University. 

This  past  November,  the  six 
schools’  teams  competed  in  the 
first  international  competition  for  a 
modest  prize  of  $10,000.  But  the 
award  is  just  a  small  part  of  the 
draw.  Instead,  the  students  are 
seeking  a  learning  experience — as 
well  as  exposure  to  potential  fund¬ 
ing  sources  (the  University  of  Texas 
campus  competition  attracts  local 
venture  capital  firms).  Simply  making  the  ini¬ 
tial  presentations  can  be  a  serious  life  lesson. 

“It’s  a  little  painful  the  first  time  you  get 
up  there,”  says  University  of  Texas  student 
Scott  Evans,  whose  team  wants  to  commer¬ 
cialize  a  new  method  to  mold  aluminum 
parts.  Evans’s  group  went  to  the  interna¬ 
tional  contest,  which  was  won  by  an  asthma 
treatment  and  monitoring  device  from  the 
Imperial  College  London  team. 


SOMETHING  WAS  bothering  John  Doggett. 
The  director  of  entrepreneurship  programs 
at  The  University  of  Texas’s  McCombs 
School  of  Business  looked  around  campus 
and  realized  that  he  was  surrounded  by 
ideas.  With  163  professors  and  researchers, 
plus  6,500  students,  the  labs  and  lecture 
rooms  were  filled  with  promising  research 
and  strong  hunches.  Unfortunately,  most 
of  those  ideas — no  matter  how  valuable — 
would  never  leave  the  university. 

The  school — like  many  others — had  an 


Office  of  Technology  Commercialization,  but 
the  organization  was  mostly  interested  in 
licensing  technology,  not  developing  com¬ 
mercial  potential.  So  with  the  drive  of  a 
good  entrepreneur,  Doggett  set  out  to  find 
a  solution.  After  consulting  with  like- 
minded  people  at  the  university’s  School  of 
Engineering,  Doggett  and  Associate  Vice 
President  of  Research  Steve  Nichols  formed 
what  would  become  Idea  to  Project,  a  com- 


This  Date  in 

IT  History 

January 


Personal  Computers 
Hit  the  Mainstream 


Jan.  3, 1983  Time  magazine  selects 

the  PC  as  “the  machine  of  the  year,”  the 
prime  mover  and  shaker  of  the  past  year. 

"Several  human 
candidates  might 
have  represented 
1982,”  notes 
Publisher  John  A. 
Meyers  in  a  note  to 
readers.  "But  none 
symbolized  the 
past  year  more 
richly,  or  will  be 
viewed  by  history 
as  more  signifi¬ 
cant,  than  a 
machine:  the  computer.”  In  its  Jan.  3rd 
issue,  Time  devotes  thousands  of  words  to 
the  revolution  spawned  by  Apple’s  Steve 
Jobs,  IBM’s  John  R.  Opel  and  others.  The 
magazine  cites  an  estimate  that  100 
companies  sold  2.8  million  PCs  worth 
$4.9  billion  in  1982.  This  moment  in  Time 
was  not  without  its  hiccups,  however.  As 
Meyers  writes:  “For  all  that  computers  have 
achieved,  they  can  still  prove  frustrating,” 
adding  that  writers  at  the  magazine  had 
seen  work  disappear  and  connections  lost 
during  text  transmissions. 


Teams  are  guided  and  critiqued  by  an 
advisory  committee  made  up  of  academics 
and  business  leaders.  “You  have  people  who 
will  help  you  move  forward,”  Evans  says. 
“[They’ll  help  you]  analyze  the  market  and 
suggest,  Have  you  asked  this  question?” 

Interest  in  the  competition  is  growing. 
Doggett  says  that  next  year’s  contest  could 
include  20  teams,  including  schools  from 
China,  India,  Japan  and  Mexico.  And  with 
wider  competition,  so  grows  the  likelihood 
that  significant  commercial  products  will 
emerge — a  prospect  that  excites  the  com¬ 
petition’s  creators.  “We’re  focused  on  bring¬ 
ing  Rembrandts  out  of  the  the  attic,” 
Doggett  says.  -Christopher  Lindquist 


2  8  CIO  JANUARY  15,  2004  • 


www. cto.com 


ILLUSTRATION  BY  CHRIS  SPOLLEN/SIS;  PHOTO  COURTESY  OF  TIME  MAGAZINE 


Why  Mark 
"give  it  to  me  in 
dollars  &  cents" 
Ellis  loves  his 
Savin  4035sp: 


“I  want  numbers.  Before  I  buy  any  office  machine  I  want  to  know  total  cost  of  ownership.  I  want  this 
thing  to  pay  for  itself,  and  fast.  With  this  Savin  digital  imaging  system  it  went  beyond  just  input-output. 
It  was  all  that  in-betweenput —  the  applications  our  Savin  guy  showed  us.  You  know  how  much  time 
that  saves  us?  Hey,  time  is  money.  So  to  me,  choosing  Savin  was  a  real  no-brainer.” 

See  what  Savin  can  do  for  you  at  www.savin.com. 

5  3  l/l  II  works  here. 

©2003  Savin  Corporation 


trendlines 


The  Growing  Importance  of 
Internet  Purchasing 

Large  companies  can  leverage  their  buying  power  online 


THE  INTERNET  is  gaining  value  as  a  way  to 
conduct  business  with  suppliers,  according 
to  a  recent  report  that  identifies  steady 
growth  for  Internet  purchasing. 

A  survey  by  Forrester  Research  and  the 
Institute  for  Supply  Management  shows  that 
the  percentage  of  companies  that  consider 
the  Internet  critical  for  purchasing  has  dou¬ 
bled  since  2001.  “Purchasing  via  the  Internet 
is  strategically  important  [for  nonmanufac¬ 
turers]  because  of  the  limited  availability  of 


other  channels  for  making  purchases,”  says 
Forrester  analyst  Andrew  Bartels. 

The  survey  found  that  17  percent  of 
companies  that  buy  more  than  $100  mil¬ 
lion  in  goods  per  year  considered  the  Inter¬ 
net  critical  for  their  purchasing  plans  in 
the  next  year,  while  just  7  percent  of  those 
spending  less  than  $100  million  per  year 
said  the  same — a  sign  that  large  compa¬ 
nies  can  use  the  Internet  to  leverage  their 
buying  power. 


The  percentages  of  manufacturers  and 
nonmanufacturers  that  consider  the  Internet 
critical  for  purchasing  has  doubled  in  the  i^o/0 


Q3  2001  Q3  2003  Q3  2001  Q3  2003 


MANUFACTURERS  NONMANUFACTURERS 


And  the  Internet  is  especially 
important  to  big  spenders. 


7% 


Q3  2001  Q3  2003 

SMALL  SPENDERS  (<  $100M  per  year) 


17% 


Q3  2001  Q3  2003 

BIG  SPENDERS  (>  $100M  per  year) 


SOURCE:  2003  survey  by  Forrester  Research  and  the  Institute  for  Supply  Management 


Best  Practices 

Analyze.  Start  at  the  source.  Collect 
and  analyze  your  purchasing  data 
to  identify  your  top  spending 
categories  and  suppliers.  Use  this 
information  to  negotiate  better  or 
bigger  deals  or  to  seek  new  partners 
that  can  meet  your  demands. 
Consider  makingthe  ability  to 
conduct  Internet-based  transac¬ 
tions  a  condition  of  doing  business. 

Source.  Pare  your  suppliers  to  a 
preferred  list.  Interact  with  suppliers 
that  offer  the  best  deals  and  com¬ 
municate  with  you  the  way  you  want 
them  to  (via  the  Internet),  and  look 
for  ways  to  collaborate.  Consider 
reverse  auctions,  traditional  online 
auctions  and  Internet  marketplaces. 
Volume  purchasing  with  a  small, 
preferred  group  of  suppliers  can 
reduce  costs. 

Procure.  Deploy  e-procurement 
tools.  Enterprise  e-procurement 
software  from  the  likes  of  Ariba, 
PeopleSoft  and  SAP,  for  instance, 
reduces  the  time  and  effort  involved 
in  purchasing  by  allowing  employ¬ 
ees  to  electronically  search  supplier 
catalogs  and  generate  purchase 
orders.  These  tools  also  provide 
visibility  into  the  process  so  that 
supply  chain  managers  can  ensure 
that  employees  are,  in  fact,  buying 
from  preferred  suppliers. 

Revisit.  Cycle  back  to  identify  new 
spending  categories.  To  maximize 
benefits,  reapply  this  process 
across  the  supply  chain.  As  a 
general  rule  of  thumb,  reexamine 
your  purchasing  data  in  a  particular 
category  every  six  months.  As  this 
process  matures,  the  cycle  may 
shorten  to  once  per  quarter. 


30  CIO  JANUARY  15,  2004  •  www.cio.com 


BUT  PICKING  ONE  UP  CAN  BE  PAINFUL 

Signing  your  name  means  taking  responsibility. 

For  a  contract.  For  an  idea.  For  the  future. 

With  our  Associates  on  your  project,  with  their  skills  and  experience, 
It’s  easier  for  you  to  take  responsibility. 

It’s  easier  to  lift  that  pen. 


Were  Resources  Connection. 
We  create  value  for  clients  by 
helping  them  execute  then- 
strategies  more  cost-effectively. 
We  began  as  part  of  a  Big  Four 
firm;  now  we  are  independent 
and  publicly  traded.  Our  heritage 
attracts  the  best  project  specialists, 
veterans  of  the  Big  Four  firms 
and  FORTUNE  500*  companies 
—  so  they  know  how  it  feels  to 
hold  that  pen. 

800-900-1131 

resourcesconnection.com 


/^RESOURCES" 

CONNECTION 

Get  there  with  people  who  have  been  there  before .  " 

Finance  and  Accounting,  HR,  IT,  Internal  Audit  and  Supply  Chain  Management 


Junk  Portal 


trendlines 


YOUR  TRASH  COULD  BE  someone  else’s  treasure,  but  chances 
are  it’s  just  plain  junk. 

So  instead  of  renting  a  Dumpster  or  spending  a  Saturday 
making  dump  trips,  customers  of  1-800-Got-Junk  are  using  the 
Web  to  throw  away  their  unwanted  stuff. 

When  Anthony  Haraguchi,  a  network  engineer,  wanted  to  empty 
his  garage  of  old  books,  kitchen  gadgets  and  a  stove,  he  used  the 
junk  removal  company’s  recently  launched  online  booking  system. 
After  accessing  www.1800gotjunk.com,  Haraguchi  estimated  it 
would  take  two  people  30  minutes  to  clean  out  his  garage.  And 
when  the  two  haulers  arrived,  priced  the  job  at  $150  and  loaded  the 
truck,  Haraguchi  paid  the  money— without  tying  one  trashbag.  “We 
don’t  have  a  car  big  enough  to  throw  the  stuff  away,”  he  says.  “It  was 
real  convenient  to  go  through  them.” 

The  14-year-old,  privately  held  company,  with  revenue  of  about 
$17.5  million  in  2003,  specializes  in  transporting  nonhazardous 
trash  to  recycling  centers  and  transfer  stations,  and  recently  has 
added  technology  to  the  mix.  Cameron  Herold,  vice  president  for 
operations,  sees  the  irony.  “It’s  a  very  IT-driven  company,  but 
we’re  about  as  offline  as  you  can  get.  We  work  with  junk,”  he  says. 

Herold  expects  the  company  to  log  $450,000  in  online  book¬ 
ings  during  its  first  three  months,  and  $3  million  during  2004.  The 
company’s  Vancouver  call  center  goes  through  a  homegrown 
JunkNet  system,  which  provides  CRM,  scheduling  and  accounting 
data  for  90  franchises  in  the  United  States  and  Canada.  The 
system  is  flexible  enough,  Herold  says,  to  reschedule  jobs  when 


customers  give  inaccurate  estimates  of  their  stuff  to  discard,  or 
when  one  of  the  company’s  more  than  150  trucks  breaks  down. 
Drivers  use  wireless  PDAs  or  WAP-  or  HTML-compatible  cell 
phones  to  access  their  schedules. 

Customers  don’t  get  pricing  estimates  over  the  phone  or  Web. 
Instead,  prices  are  determined  onsite,  based  on  location,  the 
amount  and  weight  of  the  trash,  and  recycling  surcharges  for 
items  like  computer  monitors  and  refrigerators. 

The  company  will  take  just  about  anything  except  hazardous 
waste,  according  to  its  website.  How  about  13  huge  porcelain 
Buddha  statues?  Or  18,000  cans  of  expired  sardines?  Put  ’em  on 
the  truck. 

-Sarah  Johnson 


got  to  somehow  try  to  be  half  a  step  ahead 
so  that  when  decisions  are  made,  they’ve 
got  enough  of  a  lead  time  that  they  have 
built  themselves  in  order  to  react. 

Otherwise,  they’re  constantly  running 
behind  and  taking  a  hit  if  they  don’t  have 
appropriate  initiatives  under  way  to  deliver 
the  needed  solutions. 


During  an  October  2003  webcast  on 
e-govemment  sponsored  by  the  Council  for 
Excellence  in  Government,  Steve  Cooper, 
CIO  of  the  Department  of  Homeland 
Security,  was  asked  about  the  federal 
agency  CIO  role.  His  comments: 

IN  AN  IDEAL  WORLD,  the  CIO  has  to  have  a 
seat  at  the  business  table.  They  have  to  be  a 
full  member  of  the  decision-making  process 
around  business  goals,  objectives,  strategies, 
mission,  vision.  Everything  flows  from  that. 

If  a  CIO  has  that  seat  at  the  table,  then 
what  basically  flows — in  an  easy,  noncon- 
tentious  manner — are  the  appropriate  prior¬ 
ities,  and  prioritization  of  initiatives  that  are 
U-enabled.  What  flows  from  that  are  metrics 


and  various  service-level  agreements  as  to 
what  we’re  going  to  do,  how  we’re  going  to 
do  it.  And  more  important,  how  we  measure 
value  against  our  goals  and  objectives. 

Now  here’s  the  observation  part  of  this: 
There  are  very  few  departments  where  a 
CIO  has  a  seat  at  the  business  table.  IT  is 
not  viewed  as  a  strategic  partner;  it’s  viewed 
as  a  support  function. 

And  as  long  as  it  continues  to  be  viewed 
as  a  support  function,  there  will  be  a  para¬ 
dox.  There  will  be  a  split  or  a  divergence, 
and  the  CIO’s  job  becomes  one  of  doing 
everything  that  they  ideally  need  to  do — 
but  doing  it  as  a  disadvantage.  They’ve  got 
to  make  some  guesses  about  what’s  going 
on  in  the  executive  leadership  team.  They’ve 


32  CIO  JANUARY  15,  2004  •  wwvn  ,c\o  .com 


PHOTO  TOP  BY  GETTY  ONE  IMAGES/PHOTODISC;  BOTTOM  BY  RON  HOLTZ 


"Jack:  Have  everyone  bring  their  money. 
We're  on  for  the  poker  game  tonight.  " 


"West  Coast  Sales  Team:  Proceed  with  orders  - 
inventory  has  been  restocked.  " 


Every  message  is  important.  But  some  are  essential.  When  your  message  is  mission  critical,  there's  SkyTel. 
Unlike  the  hit-and-miss  world  of  cell  phones,  with  SkyTel,  message  delivery  is  guaranteed.  For  information 


regarding  the  high  reliability  of  SkyTel  messaging,  visit  skytel.com/go  or  call  1.800.792.2238.  Assuming,  of 


course,  that  your  cell  phone  is  in  the  right  coverage  area. 


— - trendlines - 

Washington  Witch 

Edited  by  Elana  Varon 


Training  Key 
to  Keeping 
Jobs  in  U.S. 


Science  panel  head  says  more 
funding  needed 


REP.  SHERWOOD  BOEHLERT  (R-N.Y.),  the 
chairman  of  the  House  Science  Committee 
since  2001,  has  long  advocated  for  tech¬ 
nology  training  and  education  programs 
for  U.S.  workers.  In  an  interview  via  e-mail, 
he  says  this  is  a  key  to  U.S.  workers  remain¬ 
ing  competitive  in  the  global  labor  pool. 

CIO:  Corporate  and  labor  leaders  are 
worried  that  we're  in  danger  of  losing  our 
world  leadership  in  technology  innova¬ 
tion.  What  can  Congress  do  about  it? 
Sherwood  Boehlert:  Tire  government  alone 
cannot  guarantee  U.S.  competitiveness.  But 
[it]  should  be  investing  in  high-risk,  high- 
reward  basic  science  that  the  private  sector 
often  can’t  justify.  We  put  the  National  Sci¬ 
ence  Foundation  on  a  track  to  double  its 
budget  over  five  years,  and  we’ve  just  sent  to 


the  president  a  bill  that  authorizes  $3.7  bil¬ 
lion  over  four  years  for  nanotechnology. 
[President  Bush  signed  the  bill  Dec.  3.] 

More  foreign  workers  are  getting 
advanced  degrees  in  technology-related 
fields  than  U.S.  workers.  What  do  U.S. 
workers  need  to  do  to  remain  competitive? 

Many  other  nations  have  become  relatively 
more  competitive,  particularly  with  regard 
to  the  quality  of  their  workforce.  We  have 
to  run  faster  just  to  stay  in  place,  and  it’s 
not  clear  that  we’ve  been  keeping  pace. 

Each  of  the  R&D  bills  I  authored  during 
the  last  two  years  [including  the  Cyber 
Security  Research  and  Development  Act  of 
2002]  contains  provisions,  including  schol¬ 
arships  and  graduate  traineeships,  to 
encourage  American  students  to  pursue 


degrees  in  technical  fields.  Some  of  these 
programs  haven’t  been  funded  as  gener¬ 
ously  as  I  would  like — and  we’re  working 
on  that.  But  there’s  no  question  that  mak¬ 
ing  a  technical  education  more  desirable 
is  one  of  the  keys  to  our  competitiveness. 

What  do  you  think  about  the  trend  of  U.S. 
companies  sending  tech  jobs  offshore? 

I  don’t  like  to  see  any  jobs  move  offshore. 
We  have  to  continue  to  invest  across  the 
board  in  our  nation’s  innovation  capacity. 
That  means  support  for  science  and  tech¬ 
nology  education,  for  research  and 
advanced  technology  development,  and  for 
technology-based  regional  economic  devel¬ 
opment.  That  describes  in  a  nutshell  the 
agenda  for  my  committee. 


-Grant  Gross 


No  Mandate  for  CIOs  in  Electronic  Checking  Law 

Banks,  not  their  customers,  will  shoulder  new  IT  investments 

CHECK  21,  the  banking  modernization  act  signed  into  law  in  October, 
is  going  to  make  your  CFO  happier.  By  allowing  banks  to  process 
checks  electronically,  valid  checks  will  clear  faster,  and  fraudulent  or 
bounced  checks  will  be  discovered  sooner.  And  it’s  going  to  make 
you  happy  too.  Congress,  by  choosing  not  to  include  incentives  to 
adopt  electronic  payments,  essentially  guaranteed  that  paper  checks 
will  remain  dominant  for  the  foreseeable  future.  That  means  there’s 
no  pressure  for  most  CIOs  to  invest  in  new  financial  systems  to  pay  bills  online. 

Banks  will  save  money  by  eliminating  check-handiing  costs  and  standardizing  on  an 
electronic  check-processing  infrastructure.  Today,  paper  checks  are  flown  cross-country 
from  the  depositor’s  bank  to  the  issuer’s,  passing  through  couriers  and  clearinghouses 
along  the  way.  A  typical  check  is  handled  by  as  many  as  20  people  before  it  clears,  says 
John  Hall,  spokesman  for  the  American  Bankers  Association.  Starting  next  Oct.  28,  banks 
can  scan  paper  checks  and  use  the  electronic  document  to  clear  each  transaction. 

According  to  a  2002  Federal  Reserve  report,  the  number  of  checks  paid  in  the  United 
States  dropped  by  7  billion  from  1995  to  2000,  while  the  number  of  electronic  payments 
increased  by  14.2  billion.  Peter  James,  who  covers  corporate  banking  for  the  Tower- 
Croup,  says  that  consumers  primarily  account  for  this  trend-most  businesses  still 
write  checks.  Because  banks  will  save  under  the  law,  the  checking  fees  banks  charge 
corporate  customers  should  decline.  James  says  there’s  no  incentive  for  banks  to  push 
customers  toward  online  payments  as  a  cost-saving  measure.  The  result:  little  or  no 
change  for  IT.  -Ben  Worthen 


3  4  CIO  JANUARY  15,  2004  • 


www.cio.com 


PHOTO  LEFT  BY  AP/WIDE  WORLD  PHOTOS;  PHOTO  RIGHT  BY  GETTY  ONE  IMAGES/PHOTODISC 


Seeing  is  believing. 

Finally,  there's  a  system  that  delivers  the  information  you  need,  when  you 
need  it  for  better  IT  business  decisions.  Blazent  software  automatically  and 
continuously  analyzes  your  enterprise-wide  IT  assets  and  resources,  telling  you  exactly  what  you  have 
and  how  much  -  or  how  little  -  it's  utilized.  Best  of  all,  Blazent  intelligence  reports  clearly  identify 
how  you  can  optimize  the  financial  performance  of  your  IT  infrastructure.  To  learn  more  about  Blazent 
IT  intelligence  software,  visit  www.Blazent.com.  Information  you  Can  act  on. 


>r  Dtsk  Capacity  Analysis 


| - A--’0O« 


PC  Login  Racancy  Analysis 


— 


Top  Tan  Host  Usad  PC  Applications 


See  your  own  IT  savings  and  believe  it! 

Call  650.286.5500  to  know  if  you  qualify  for  a  free 
30-day  optimization  assessment. 


□ BLAZENT 


©2003  Blazent,  Inc.  Blazent  and  the  Blazent  logo  are  trademarks  of  Blazent,  Inc. 


REAL-TIME  IT  INTELLIGENCE 


REAMS  HAVE  BEEN  WRITTEN  ABOUT  WINDOWS 
AND  LINUX.  LET'S  SKIP  TO  THE  BOTTOM  LINE. 


Microsoft 


Source:  IDC  2002 


USD 

$120,000 

$100,000 

$80,000 

$60,000 

$40,000 

$20,000 

$0 


Five-Year  Total  Cost  of  Ownership  by  Workload  ($) 


Networking  File  Print  Web  Security 


A  recent  IDC  white  paper  summarized  the  five-year  cost  of  ownership  of 
a  Linux  server  environment  compared  to  a  Microsoft®  Windows®  server 
environment  this  way:  Windows  comes  out  lower  in  cost  in  four  out  of  five 
workloads  and  11  to  22  percent  lower  in  cost  overall.  To  get  the  full  study 
or  more  third-party  findings,  visit  microsoft.com/getthefacts 


©  2003  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  Windows,  the  Windows  logo,  and  Windows  Server  System  are  either  registered  trademarks  or  trademarks  of  Microsoft 
Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


Windows 
Server  System 


TOPofMiNn 


ELECTION  2004:  CRITICAL  DECISIONS 

Five  IT  Marching  Orders  for 
the  Next  Administration 

While  CIOs  are  often  wary  of  government  intervention  into  any¬ 
thing  IT,  when  it  comes  to  a  few  major  issues  they  agree  that  a 
little  federal  attention  could  go  a  long  way 

TO  COMPLEMENT  C/O’ s  coverage  of  this  year’s  presidential  election  (beginning  on  Page  53),  we 
asked  members  of  the  CIO  Best  Practice  Exchange  to  take  a  survey  on  federal  IT  policy.  Ninety- 
four  members — who  are  all  senior-level  IT  executives  of  midsize  to  large  organizations — responded 
during  a  two-week  period  in  November.  Here  is  what  they  had  to  say  about  technology  policy. 


THE  COMMUNITY  HAS 
BEEN  JAWING  ABOUT... 


User-sponsored  IT  projects: 

Come  with  a  business  case 
or  not  at  all 

Shared  services  model: 

A  good  way  to  cut  costs  if  you 
can  pull  it  off 

Wanted:  IT  workers  with  solid 
business  skills 


Our  online  community  of  IT  executive 
members  meets  often  to  trade  tips, 
tactics  and  best  practices.  To  learn 
more,  visit  exchange.cio.com. 


1  CYBERSECURITY:  Get  busy!  More  than 
half  (54  percent)  of  the  survey  respondents 
are  in  favor  of  the  government  developing 
standards  for  corporate  cybersecurity.  One  IT 
executive  noted  that  such  efforts  should 
“belong  to  the  Department  of  Homeland 
Security,  since  terrorists — not  hackers — will 
want  to  bring  the  American  economy  to  its 
knees  using  technology-based  attacks.” 
Another  suggested  establishing  a  function 
similar  to  the  Centers  for  Disease  Control  and 
Prevention  to  evaluate  cyberthreats.  This 
would  include  a  “clearinghouse  for  risk  miti¬ 
gation  strategies,  and  a  central  emergency 
management  center  for  incident  response.” 

Not  everyone  was  so  gung  ho,  however.  As 
the  split  vote  indicates,  CIOs  agree  that  we 
need  to  tighten  cybersecurity,  but  they  are 
divided  on  their  faith  in  the  government  to 
deliver.  As  one  member  says,  “It  would  be 
wrong  to  assume  that  the  government  is  any 
better  or  worse  at  cybersecurity  than  any  com¬ 
mercial  firm.” 


2  OFFSHORE  OUTSOURCING:  Stop  the  job 
drain.  The  majority  (70  percent)  of  our 
survey  respondents  are  concerned  that  too 
many  highly  skilled  high-tech  jobs  are  being 
sent  offshore  and  that  the  United  States  will 
wind  up  losing  them  forever.  More  than 
60  percent  of  respondents  said  the  government 
should  step  in  to  preserve  IT  jobs  in  the  United 
States  and  limit  special  visas  for  overseas  high- 
tech  workers.  Low-cost  labor  may  be  great  for 
the  bottom  line,  but  these  IT  executives 
strongly  believe  we  need  to  mitigate  the  impact 
on  the  American  worker. 

PRIVACY:  Protect  our  data.  Personal  pri¬ 
vacy  is  an  endangered  species,  and  one 
way  or  another,  CIOs  say,  the  government  has 
to  protect  it.  When  we  asked  CIOs  to  name  the 
biggest  threat  to  personal  information,  nearly 
half  pointed  to  the  business  world:  Twenty- 
eight  percent  listed  corporate  error  and  use  of 
personal  information  as  the  top  threats,  and 
1 7  percent  cited  the  very  act  of  data  collection 
itself  as  a  privacy  problem.  Just  over  one-third 


3  8  CIO  JANUARY  15,  2004  • 


www.cio.com 


escapes  clutches  of  desk 

escape  “At  last  I’m  free.  thanks  to 


“At  last  I’m  free,  thanks  to 

Nokia  Mobile  Connectmty 

Solutions...and  it  feels  great, 

exclaims  Mary  Langer, 
office  manager. 


99 


Illtc  - o  f  ^ 

nteughUwasimPnsone^^ 

Nowl  can  vi  however  1  want.  1 

and  work  whenever  and  1  •  en(hused  ; 

^  “ [Z- f  fISm.' Workers  everywh 

fSt  CEOs  to  Account  Managers  are  rej 

from  CEOs  to  A  ^  ^  ^  thought  o 

Secure,  breakthrough  m  the 

Reliable,  working  lives.  “Mobr 

j  anrl  Connectivity  from 

Freedom  an  ^  (  can  make  be 

Flexibility  of  my  waiting  time  a 

■a  rFO  Don  Baker,  "whirl 
airport,”  said  ,  get  home 

me  more  family  «mte  wtog^was 

rairSa'l-^ld  sales  tea 


Introducing  a  new  era  of  secure,  corporate  business  freedom 
and  flexibility  —  Nokia  Mobile  Connectivity  solutions. 


Employees  throughout  an  enterprise  want  to  be 
more  mobile  and  productive  —  and  this  can  be 
realized  thanks  to  Nokia  Mobile  Connectivity 
solutions.  CIOs  and  IT  managers  can  provide  the 
mobility  and  security  of  anytime,  anywhere 
access  to  users  —  while  empowering  everyone 
from  the  CEO  to  field  salesforce  teams  with  the 
information  needed  to  do  their  work  where  and 
when  they  choose.  Nokia  Mobile  Connectivity 
solutions  include  a  range  of  IPSec-  and  SSL- 
based  client  and  gateway  products  that  provide 


secure,  appropriate  access  to  corporate  email 
and  applications.  Enterprises  will  discover  new 
levels  of  efficiency  from  their  workforce,  while 
giving  them  greater  freedom  to  manage  their 
business  and  personal  lives.  All  solutions  are 
easy  to  deploy  and  manage,  are  based  on 
award-winning  technology  and  are  backed  by 
Global  Support  and  Services. 

So  if  you  want  greater  working  freedom 
that’s  IT  approved,  go  ahead  and  escape. 
Visitwww.nokia.com/mobileaccess/americas 


INIOKIA 

Connecting  People 


•S-  41 
Ol  c 
|= 


theExchange 


of  respondents  cited  hackers  as  the  greatest 
privacy  threat.  The  majority  (83  percent)  said 
they  look  to  the  government  to  address  the 
privacy  problem,  either  by  enforcing  exist¬ 
ing  rules  or  by  passing  new  legislation  that 


increases  personal  privacy  protections.  Gov¬ 
ernment  regulations — and  the  bureaucratic 
nightmare  that  tends  to  accompany  them — 
are  clearly  a  lesser  evil  than  the  unchecked 
collection  of  personal  data. 

SARBANES-OXLEY:  Clean  up  this  mess. 
Sixty-two  percent  of  survey  respon¬ 
dents  want  the  federal  government  to  clear 


up  the  quagmire  that  is  Sarbanes-Oxley  and 
give  companies  more  detailed  guidance 
about  what  controls  they  need  in  their  finan¬ 
cial  information  systems.  One  Exchange 
member  puts  it  bluntly:  “Fix  Sarbanes- 
Oxley.  It’s  one  of  the  most 
bureaucratic,  paperwork¬ 
intensive  legislative  acts 
stemming  from  Congress 
since  the  Johnson  admin¬ 
istration.”  These  CIOs 
would  rather  look  to  the 
government  for  imple¬ 
mentation  guidelines  than 
rely  on  the  advice  of  a  new 
raft  of  consultants  all  too 
eager  to  fill  in  the  knowl¬ 
edge  gap. 

SOFTWARE  QUALITY: 
Let  the  free  market 
reign.  Software  may  be 
broken,  but  CIOs  don’t 
want  the  government  to 
fix  it.  Seventy-eight  per¬ 
cent  of  survey  respondents  said  the  govern¬ 
ment  should  play  no  regulatory  role  in 
improving  software  quality.  “Let  the  free 
market  solve  this,”  writes  one  CIO.  “If  soft¬ 
ware  standards  were  up  to  the  government 
to  regulate,  Congress  would  still  be  arguing 
over  the  proper  standards  for  8 -inch  floppy 
disks,  and  they’d  cost  $1,000  apiece.” 


Where  the  Money  Should  Go 

Our  survey  asked  what  one  IT  problem  Exchange  members  would 
want  the  next  administration  to  address  with  its  technology 
research  budget.  Here  is  their  wish  list: 

Security:  “Secure  governmental  voice  and  data  networks  from 
foreign  and  domestic  infiltrators.” 

Spam:  “Spam  legislation  that  is  consistently  enforced.” 

Education:  "Find  more  effective  education  and  training  mecha¬ 
nisms  for  high  school  and  college  students  in  technology  and 
science." 

Wireless:  "We  need  wireless  technology  that  contains  enough 
bandwidth  to  address  the  needs  of  consumers  and  business.” 

Emerging  technologies:  “Give  greater  tax  incentives  for  invest¬ 
ment  in  new  technologies.” 


One-Liners 

ON  TELECOM  VENDORS 

Telcos  are  like  the  airlines. 

If  you  refused  to  fly  any 
airline  that  treated  you 

badly,  you  wouldn’t  fly  at  all. 

-FORMER  CIO  OF  A  CONSTRUCTION  COMPANY 


Q:  We  have  successfully  justi¬ 
fied  adding  a  dedicated  secu¬ 
rity  person  to  our  IT  staff  to 
O  manage  all  security-related 
projects  and  monitor  security- 
related  systems.  But  management  is 
reviewing  a  proposal  suggesting 
that  this  position  reside  in  our  inter¬ 
nal  audit  department.  I  have  many 
concerns  about  this.  Does  anyone 
have  experience  with  dedicated 
security  staff  residing  in  another 
department,  such  as  internal  audit? 

-I.T.  DIRECTOR. 

NONPROFIT  ORGANIZATION 


A:  Some  may  argue  that  the 
security  person  should  also  be 
the  IT  auditor,  and  depending 
O  upon  the  size  and  dynamics  of 
your  business,  this  may  work.  But  if 
you  have  greater  than,  say,  500  users 
and  an  IT  staff  larger  than  20, 1  would 
consider  it  vital  to  have  a  security  man¬ 
ager  (CSO)  within  the  IT  department. 

I  have  such  a  position  at  my  com¬ 
pany.  The  role  he  plays  is  threefold: 
He  educates  himself  on  the  topic  of 
IT  security  and  spreads  the  word  to 
business  associates  who  need  to 
know;  he  develops  security-related 
policies  from  his  learning  and  bench¬ 
marking;  and  he  ensures  that  IT 
managers  abide  by  these  policies  via 
sponsorship  of  internal  audits  (with 
an  outside  company)  and  diligent 
follow-up  on  the  findings.  Currently, 
this  role  is  handled  by  the  same 
person  who  handles  IT  administra¬ 
tion  (billings,  contracts,  budgets). 
Should  we  get  bigger  as  a  company, 
we  would  consider 
making  this  a  full-time 
position. 

-JOHN  A.  ZARB. 
VP  AND  CIO.  LIBBEYINC. 


40  CIO  JANUARY  15,  2004  •  www.cio.com 


IF  YOU’RE  LOOKING 
FOR  THE  TRUE  HEART  OF  YOUR  SERVER, 

YOU  MUST  LOOK  DEEPER  THAN  THE  CPU 

Hidden  inside  your  servers  are  chips  pumping  data  through  your  entire  network— quickly,  reliably  and  seamlessly.  Broadcom’s 
ServerWorks™  System  I/O™  chipsets  provide  the  top  5  server  manufacturers  with  the  industry’s  most  advanced  technology 
for  IA-32  systems1.  Technologies  such  as  memory  mirroring  with  hot-plug  capabilities,  which  allows  on-the-fly  swapping  of 
your  server’s  RAM,  reliably  keep  your  data  flowing  and  your  business  operating.  In  fact,  our  server  chips  offer  twice  the  data 
bandwidth  of  our  nearest  competitor,  and  are  the  only  to  boast  integrated  dual-port  Gigabit  Ethernet.  With  Broadcom  in  your 
servers,  you’re  prepared  for  the  ever-increasing  throughput  requirements  of  next-generation  networks. 


r 


Read  how  to  utilize  Broadcom®  chips  as  the 
catalyst  that  drives  your  network  performance 
to  new  heights.  Download  our  white  paper, 
“Next-Generation  Server  Technology:  The  Key 
to  Speed,  Productivity  and  Reliability,”  now  at 
www.cio.gobroadcom.com/servers 


Broadcom®,  the  pulse  logo,  Connecting  everything®  ServerWorks™,  the 
ServerWorks  logo  and  System  I/O™  are  trademarks  of  Broadcom  Corporation 
and/or  its  affiliates  in  the  United  States  and  certain  other  countries.  All  other 
trademarks  are  the  property  of  their  respective  owners. 


’Source:  IDC  Worldwide  Quarterly  Server  Tracker,  Q2  2003 


Patricia  Wallington  I  Total  Leadership 


Meet  the 
New  Boss, 
Not  the  Same 
as  the  Old  Boss 

How  to  handle  the  changes  under  a  new  chief 


IMAGINE  THAT  YOU  HAVE  your  IS  organization  under  control.  Prior¬ 
ities  are  in  order,  targets  are  being  met  and  everything  is  running 
smoothly.  You  decide  to  take  a  well-earned  vacation.  But  on 
your  return  you  discover  that  a  management  shuffle  means 
you  have  a  new  boss. 

How  you  react  to  this  news  can  be  either  a  career-enhancer 
or  a  career-killer.  I  have  seen  some  otherwise  excellent  leaders 
stumble  in  these  situations.  Here  are  some  things  you  can  do  to 
ensure  a  successful  transition. 


status  quo?  Knowing  the  reasons  will  help  you  craft  a  strategy 
for  succeeding  in  the  new  order  of  things. 

Take  the  time  to  study  the  new  boss’s  management 
approach.  This  will  help  you  respond  appropriately  to  the 
changes.  What  kind  of  communication  is  most  effective — 
written,  verbal,  graphic?  Is  he  interested  in  details  or  only  an 
overview?  Will  he  be  involved  in  technical  decisions  or  focus  on 
the  business  issues?  Does  he  like  to  be  the  star,  the  visible  leader 
of  the  organization?  Is  he  a  nurturer  who  will  be  interested  in 
your  development  and  success?  Knowing  these  things  early  on 
can  save  you  many  missteps. 

How  can  you  determine  these  things?  The  most  direct  way  is 
to  simply  have  a  conversation  with  the  new  boss  and  ask  about 
his  requirements.  You  can  follow  that  up  by  talking  with  others 
who  have  worked  for  and  with  him  in  the  past.  This  will  con¬ 
firm  or  emphasize  those  critical  elements  of  management  style. 


Expect  Change 

Don’t  delude  yourself  into  thinking  your  job  might  not  change. 
A  new  boss  will  almost  always  bring  a  new  set  of  expectations 
and  priorities.  A  new  boss  will  want  to  put  her  own  stamp  on 
the  organization.  Demonstrate  your  openness  to  the  changes. 
Now  is  not  a  good  time  to  be  defensive. 

Find  out  what  brought  about  the  change  in  management.  Is 
this  a  normal  rearrangement  of  the  deck  chairs?  Was  someone 
promoted  elsewhere,  generating  a  ripple  effect?  Was  there  some 
discontent  (perhaps  unknown  to  you)  with  the  organization’s 

42  CIO  JANUARY  15,  2004  •  www.cio.com 


ILLUSTRATION  BY  EDWARD  SCHNURR 


AT&T  Wireless 

average  speed  20-40  Kbps  on  the  Treo™  600 


Sprint 

average  speed  50-70  Kbps  on  the  Treo™  600 


Get  information  nearly  twice  as  fast  on  the  newest  smart  device  from  Sprint. 


Your  employees  can  get  more  done,  faster,  in  more  places 
nationwide  with  Sprint  and  its  newest  smart  device. 


Comparing  high-speed  wireless  data  networks  for 
the  Handspring™  Treo™  600,  Sprint  lets  employees 
send  and  receive  information  nearly  twice  as  fast  as 
AT&T  Wireless.  So  they  can  spend  less  time  waiting 
and  more  time  working. 

•  Phone-sized  design  with  Palm™  OS  5.2 

•  Five-way  navigation  control  with  QWERTY  keyboard 
for  one-handed  use 

•  Integrated  PDA  and  phone  can  access  calendar,  email 
and  the  Web;  take  pictures;  and  send  picture  messages 

All  this  and,  of  course,  clear  calls  on  the  nations  most 
complete,  all-digital  wireless  network  to  make  your 
business  more  effective. 

Get  the  facts  at  sprint.com/facts  or  call 
877-459-8144  for  a  Business  Representative. 


PCS  Vision®*  Smart  Device 
Treo™  600  by  Handspring™ 


One  Sprint.  Many  Solutions™ 

Voice/Data  PCS  Wireless  Internet  Services  E-Business  Solutions  Managed  Services 


Comparison  based  on  speeds  applicable  to  each  carrier's  Handspring  Treo  600.  Actual  speeds  will  vary  based  on  coverage,  tasks  and  other  factors.  Coverage  claims  based  on  the 
Sprint  Nationwide  PCS  Network  (reaching  over  240  million  people)  and  the  AT&T  Wireless  GPRS  network  excluding  roaming  areas.  Copyright  ©2003  Sprint  Spectrum  L.P.  All  rights 
reserved.  Sprint  and  the  diamond  logo  are  trademarks  of  Sprint  Communications  Company  L.P. 


Patricia  Wallington  I  Total  Leadership 


Get  with  the  Program 

Because  of  your  experience,  you  can  be  a  big  factor  in  the  suc¬ 
cess  of  your  new  boss.  Visibly  support  her  ideas  and  actions. 
Provide  insight  on  potential  problems  and  sacred  cows.  Supply 
background  on  projects  and  other  initiatives. 

Some  people  resent  the  notion  that  part  of  their  job  is  to 
make  the  boss  look  good.  But  no  one  wins  if  the  head  of  the 
organization  loses  respect  and  support  from  vital  decision¬ 
makers.  Make  yourself  part  of  the  new  success. 

After  realigning  your  priorities,  focus  on  early  accomplish¬ 
ments.  These  quick  wins  will  be  the  building  blocks  of  your  per¬ 
sonal  credibility  with  the  new  boss.  One  of  the  advantages  of 


Do  you  think  the  boss’s  job  should  have  been  yours? 
Too  bad.  How  you  handle  this  disappointment 
may  determine  whether  you  ever  get  beyond  your 
current  job. 


a  new  leader  is  the  opportunity  to  make  new  alliances.  You 
can  build  fresh  networks  by  leveraging  the  relationships  of  the 
new  boss.  Take  the  opportunity  to  broaden  your  base  of  sup¬ 
port  by  tapping  into  those  resources. 

So  often  I  have  seen  people  follow  a  departing  boss  to  her 
new  organization.  While  this  may  seem  more  comfortable  than 
adjusting  to  the  changes  a  new  boss  will  bring,  in  the  long  run 
it  will  be  limiting.  Successful  leaders  learn  to  work  effectively 
with  other  leaders,  whether  they  are  above  you,  beside  you  as 
peers  or  deeper  in  the  organization.  Better  to  develop  the  skill 
to  succeed  on  your  own  than  to  hook  your  wagon  to  someone 
else’s  star. 

But  what  if  your  former  boss  is  your  mentor?  No  problem! 
Work  hard  to  keep  that  relationship  alive.  It’s  OK  to  briefly 
mourn  the  passing  of  the  baton,  but  don’t  let  the  politics  of 
personal  loyalty  stymie  you.  There  are  no  boundaries  limiting 
the  relationships  you  can  support.  It’s  only  self-limiting  behav¬ 
ior  that  establishes  those  boundaries.  Continue  to  nurture  your 
established  relationships,  but  use  new  alliances  to  broaden  your 
network  and  give  you  new  perspectives. 

While  you’re  getting  used  to  the  new  leadership,  don’t  for¬ 
get  to  help  your  staffers’  transition  too.  You  must  be  the  role 
model.  Whatever  your  personal  situation,  you  have  an  obli¬ 
gation  to  help  your  people  succeed.  Everyone  will  be  stressed 
and  overburdened  during  the  transition.  Be  certain  they  under¬ 
stand  the  new  job  requirements,  so  as  to  avoid  wasted  effort. 
Be  sensitive  to  their  own  career  uncertainties  in  the  face  of 


new  relationships  and  assessments.  Be  an  advocate  for  your 
people  with  the  new  boss:  Point  out  the  strengths  and  skills  of 
key  players.  At  the  same  time,  act  as  a  conduit  for  change — 
project  a  positive  perspective  on  new  decisions  and  priorities, 
explain  the  rationale,  and  actively  solicit  staffers’  support  for 
the  new  directions. 

Dead  Ends 

Some  emotions  and  responses  to  a  new  boss,  while  perfectly 
natural,  will  get  you  nowhere.  Don’t  let  pride  in  past  accom¬ 
plishments  get  in  the  way  of  your  prospective  success.  Change 
is  not  per  se  a  criticism  of  the  past,  but  rather  recognition  of  the 

future.  Don’t  give  in  to  impatience. 
Yes,  things  will  take  more  time,  as  the 
new  leader  gets  familiar  with  the  work 
of  the  organization.  Recognize  this  up 
front  and  plan  accordingly.  Meetings 
will  take  longer.  More  questions  will 
be  asked.  Decisions  already  made  may 
require  some  extended  discussion.  Be 
cheerful,  forthcoming  and  patient,  and 
this  phase  will  soon  pass. 

Do  not  get  in  a  power  struggle  with 
the  new  boss.  You  cannot  win.  State  your  positions  as  articu¬ 
lately  as  possible,  and  then  accept  the  final  decisions.  It  may  be 
necessary  to  accept  the  fact  that  being  right  can  sometimes  be 
wrong.  Just  be  careful  to  avoid  being  defensive.  Keep  critical 
thoughts  to  yourself.  Critical  comments  will  almost  always  get 
back  to  the  target  of  criticism.  (For  more  about  dealing  with  a 
new  boss,  see  “Survivor”  at  wunv.cio.com/printlinks.) 

Do  you  think  the  job  should  have  been  yours?  Well,  for 
some  reason  you  didn’t  get  it.  How  you  handle  this  disap¬ 
pointment  may  determine  whether  you  ever  get  beyond  your 
current  job.  Sour  grapes  are  not  attractive  on  anyone.  Deal 
with  the  disappointment  gracefully  and  show  your  maturity. 
Analyze  why  the  new  boss  got  the  job.  Get  help  if  you  find  it 
difficult  to  be  objective.  What  do  you  need  to  work  on  to 
improve  your  chances  next  time?  If  the  disappointment  is  too 
great  to  overcome,  you  may  want  to  consider  leaving  before 
your  behavior  becomes  too  destructive. 

The  best  advice  I  can  offer  is  to  learn  everything  you  can 
from  the  experience.  Someday  you  might  be  the  new  boss. 
Understanding  the  challenges  of  the  situation  will  ease  the  tran¬ 
sition  for  you  and  your  new  organization,  and  will  ensure  your 
success.  BE]  *** 


Send  your  thoughts  on  this  column  to  leadership @ 
cio.com.  Before  retiring  in  1999,  Patricia  Wallington 
was  corporate  vice  president  and  CIO  at  Xerox.  She  is 
now  president  of  CIO  Associates  in  Sarasota,  Fla. 


4  4 


CIO  JANUARY  15,  2004 


www.cio.com 


PHOTO  BY  FURNALD/GRAY 


gSBBfiB 


Now  get  Tablet  PC  and  notebook  functionality  in  one  system-for  one  low  price. 

Presenting  the  Fujitsu  LifeBook®  T3000  Tablet  PC.  A  unique  combination  tablet  and  notebook  that  gives  you  the 
best  of  both  worlds,  all  for  the  same  price  as  a  standard  notebookThe  LifeBookT3000 Tablet  PC  sets  a  new  standard  for  mobile 

versatility  and  convenience.  When  you  need  a  sleek  high-powered  notebook  simply  open  it  up  and 
use  its  full-size  keyboard.  Or,  when  you  want  to  sketch,  write,  or  take  notes,  pivot  and  secure  the 
screen  and  it  instantly  turns  into  a  Tablet  PC.  Either  way,  it  offers  you  built-in  wireless  access  to 
information  anywhere  with  the  latest  Intel®  Centrino™  mobile  technology.  So  stop  trying  to  decide 
on  whether  to  get  a  new  notebook  or  Tablet  PC.  Instead,  get  the  functionality  of  both,  for  the  price 
of  only  one.  Go  to  www.computers.us.fujitsu.com/2inl  or  call  1 .877.372.3473  today  for  details. 


MOBILE 
TECHNOLOGY 


THE  POSSIBILITIES  ARE  INFINITE 

©2003  Fujitsu  Computer  Systems  Corporation.  All  rights  reserved.  Fujitsu,  the  Fujitsu  logo  and  LifeBook  are  registered  trademarks  of  Fujitsu  Limited.  Intel,  Intel  Centrino,  and  the  Intel  Centrino  logo  are 
trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation. 


Michael  Schrage  I  Making  IT  Work 


It’s  All  About  the  Execution 


What  Goes  On 

Behind 
Your  Back 

Your  company  may  outsource  IT,  but  your 
business  units  will  build  their  own  IT  systems  anyway. 
Here’s  how  to  make  sure  you  stay  in  the  loop. 

AN  I.T.  EXEC  WHO  effectively  outsourced  himself  out  of  a  top  job  at  a 
huge  consumer-packaged-goods  company  seemed  more  sur¬ 
prised  than  annoyed  by  his  old  firm’s  digital  strategy. 

“They’ve  outsourced  everything  they  think  isn’t  core,”  he 
observed.  “The  problem  is,  a  lot  of  the  stuff  the  CEO  and  the 
management  committee  says  isn’t  core,  the  business  units  and 
brand  managers  do.” 

The  result?  This  executive,  who’s  taken  early  retirement, 
anticipates  a  return  to  the  bad  old  days  of  “black  market”  and 
“gray  market”  departmental  IT  budgets.  “You  just  watch,”  he 
predicts,  “when  corporate  IT  won’t  provide  them  with  the  sys¬ 
tem  they  think  they  need,  the  business  units  are  going  to  go 
out  and  build  it  or  buy  it  themselves.  They’re  going  to  do  what 
they  think  is  best  for  their  business  regardless  of  whether  head¬ 
quarters  thinks  it’s  core  or  not.” 

Welcome  to  the  dirtiest  not-so-little  secret  surrounding  the 
rise  of  recentralized  IT  management  and  relentless  outsourc¬ 
ing:  The  P&L  businesses  will  build  or  buy  IT  anyway.  They 
may  do  so  with  their  own  IT  budgets,  bootlegged  budgets, 
slush  funds,  “consultants,”  college  interns,  hackers,  geeks, 


toothpicks  and  sealing  wax,  but  they  will  get  it.  Line  managers 
frequently — and  understandably — have  radically  different  per¬ 
ceptions  than  the  executives  at  the  corporate  pinnacle  of  what 
process,  products  and  programs  are  at  their  business  core. 

If  corporate  history,  human  nature  and  Machiavellian 
enterprise  politics  are  any  guide,  they’ll  also  build  or  buy 
these  systems  and  apps  without  either  the  knowledge  or 
approval  of  the  CIO.  This  is  IT  innovation  done  despite — or 
in  spite  of — the  CIO.  Why?  Because  CIOs  in  this  era  of  recen¬ 
tralization,  cost-cutting  and  outsourcing  are  unambiguously 
perceived  more  as  managerial  overhead  than  value-added 
partners.  If  coordinating  with  the  CIO  to  deploy  a  CRM  ini¬ 
tiative  is  more  costly  than  beneficial,  then  the  CIO  is  an 
enemy,  not  a  business  ally. 

The  result?  For  a  growing  segment  of  P&L  executives,  the 
“Cl”  in  CIO  no  longer  stands  for  “Chief  Information” — it’s 


4  6  CIO  JANUARY  15,  2004 


www. cio.com 


ILLUSTRATION  BY  CARL  WIENS 


Compuware 

Vantage 


THE  POWER  TO  Monitor,  Anticipate,  Resolve 

Monitor  application  performance  from  every  angle — from  the  end-user  perspective  and  back  through 
the  network,  to  the  server  and  database  tiers — with  Compuware  Vantage.  Anticipate  application 
bottlenecks  before  they  impact  business  processes.  End  the  fingerpointing  between  network,  server 
and  development  teams  and  bring  a 
new  balance  to  problem  resolution. 


The  leader  in  IT  value. 


COMPUWARE 

www.compuware.com 


Michael  Schrage  I  Making  IT  Work 


become  the  acronym  for  “Centralized  Infrastructure.”  Cen¬ 
tralized  infrastructures  are  more  about  managing  cost  than 
spurring  top-line  growth  and  profitability.  In  other  words,  busi¬ 
ness  units  have  powerful  incentives  to  cut  the  CIO  out  of  the 
loop.  That’s  bad  news.  “The  CIOs  I  know  are  way  too  busy 
putting  out  fires,  cutting  costs  and  supervising  SLAs  to  focus  on 
the  particular  needs  of  a  particularly  entrepreneurial  divisional 
leader,”  asserts  one  KPMG  managing  director.  “Line  execu¬ 
tives  who  actually  want  to  grow  their  business  are  operating  in 
‘better  to  seek  forgiveness  than  ask  permission’  mode.  If  they 
think  their  CIO  will  help,  they’ll  ask.  Otherwise,  they  have  this 
attitude  of  ‘Screw  ’em....’ 


“So  if  it’s  IT  crap  they  have  to  do  for  the  auditors  or  regu¬ 
lators,  they’ll  get  the  CIO  to  pay  for  it,”  he  continues.  “But  if 
it’s  an  app  they  think  will  boost  margins,  they’ll  just  do  it  by 
hook  or  by  crook.  If  it  doesn’t  work  out,  they’ll  blame  IT  for 
not  being  supportive  enough.  If  it  succeeds,  they’ll  ask  for  even 
more  money  and  say  that  IT  is  a  support  function,  not  a  real 
partner.  So,  again,  screw  ’em.” 

Harsh  words.  Then  again,  CIOs  have  to  ask  whether 
they’ve  fallen  into  the  seductive  but  debilitating  trap  of  sup¬ 
porting  strategic  corporate  objectives  at  the  cost  of  creatively 
enabling  annual  line-of-business  goals.  (CIO  readers  who 
think  these  two  are  synonymous  are  advised  to  update  their 
resumes.)  When  CIOs  are  cast  in  the  corporate  roles  of  “cost 
containers”  and  “outsourcers,”  they’re  sending  a  clear  signal 
throughout  the  enterprise  that  IT  growth  investments  are  a 
secondary  priority.  More  important,  CIOs  redoubling  their 
commitment  to  their  C-level  colleagues  are  effectively  com¬ 
municating  to  business  unit  executives  whose  calls  and  e-mails 
will  likely  be  returned  first. 

If  you’re  running  one  of  a  company’s  most  profitable  busi¬ 
ness  units,  does  putting  your  money  where  your  mouth  is  in  IT 
mean  collaborating  with  a  CIO  who  gets  “attaboys”  for  saying 
no  and  sending  software  development  to  Bangalore?  Or  does  it 
mean  launching  an  under-the-radar  CRM  or  sales-force 


SHARE  YOUR  OPINION 


Michael  Schrage  says  trying  to  control  the  IT  spend  of  your  company's 
business  units  is  a  fool's  errand.  What  do  you  think?  Go  to  this  column 
online  to  post  reactions  in  the  ADD  A  COMMENT  box. 

cio.com 


automation  or  datamart  initiative  that  generates  just  enough 
positive  results  that  the  management  committee  literally  can’t 
afford  to  say  no  to  a  funding  request?  You  tell  me.  People  who 
run  P&Ls  generally  aren’t  fools.  On  the  contrary,  they  tend  to 
be  more  pragmatic  than  C-level  executives  who  are  often  more 
beholden  to  impatient  analysts  and  investors  than  unhappy 
customers  and  clients.  CIOs  are  caught  in  the  middle.  On  the 
one  hand,  they  have  to  make  the  organizational  trains  run  on 
time.  On  the  other,  they’re  being  asked  to  build  747s  and  stealth 
aircraft  for  precision  market  strikes.  It’s  hard  to  do  both;  it’s 
impossible  to  do  both  well. 

CIO  As  Enabler 

If  a  brand  manager  can  boost  cash  flow 
15  percent  in  a  year  by  deploying  a  Web- 
based  channel  management  IT  initiative 
that  circumvents  corporate  ERP,  do  you 
honestly  think  she  won’t  do  it  because 
the  CIO  can’t  figure  out  how  to  integrate 
it?  Of  course  not.  Integration  is  your 
problem,  not  hers.  In  fact,  if  you  successfully  make  it  her  prob¬ 
lem,  she  will  hate  you  unless  the  benefits  of  integration  to  her 
outweigh  her  costs. 

The  meaning  of  implementation  is  changing.  There  is  a  pro¬ 
found  difference  between  being  an  implementation  resource 
and  an  implementation  leader.  In  today’s  environment,  the  Hip¬ 
pocratic  admonition  applies:  First,  do  no  harm. 

Increasingly,  the  CIO’s  role  should  be  to  enable,  facilitate 
and — if  he’s  really  lucky  and  good — coordinate  IT  imple¬ 
mentations  by  the  business  units.  The  worst  situation — and 
we’ve  all  lived  through  it — is  to  be  forced  to  subsidize  and 
support  the  lousy  IT  deployments  that  nontechnology-sawy 
line  managers  have  bought  into.  Yet  those  horrible  situations 
can  and  should  be  the  beginnings  of  more  collaborative  rela¬ 
tionships. 

Controlling — or  even  setting  standards — for  the  IT  spend 
by  the  business  units  is  a  fool’s  errand  at  this  time.  The  ability 
to  influence  divisional  implementations,  on  the  other  hand, 
seems  the  more  pragmatic  course.  After  all,  the  genie  is  out  of 
the  bottle.  The  hard  dollar  IT  budgets  truly  are  in  the  hands  of 
the  P&L  executives — one  way  or  the  other.  You’ll  never  get 
their  spending  “under  control.”  But  with  a  reputation  for  being 
a  useful  resource,  you  should  be  able  to  dramatically  enhance 
the  quality  of  implementation.  Persuasion,  not  power,  repre¬ 
sents  your  best  shot,  ram 


Michael  Schrage  is  codirector  of  the  MIT  Media  Lab’s 
eMarkets  Initiative.  He  can  be  reached  via  e-mail  at 
schrage@media.mit.edu.  E-mail  your  comments  to  us 
at  letters@cio.com. 


Controlling— or  even  setting  standards— 
for  the  IT  spend  by  the  business  units  is  a  fool’s 
errand  for  CIOs. 


4  8 


CIO  JANUARY  15,  2004 


www.cio.com 


PHOTO  BY  JOHN  SOARES 


It's  one  week  until  your  next  vendor  audit, 
do  you  know  where  your  IT  assets  are? 


PDA 

UNIX*  Servers  c'l'Wr>( 

Desktops  •  Laptops 
Terminals  p  D  ^  ‘  Bar  code 

UNIX  Servers  **005 
servers  .  Desk,  .  Up,ops""r5 

PTei°."eL •  PD*  •  Bar  code"’V 

scanners  •  Docking  stations  •  UNIX 


Network 
Network  * 


LINUX*  servers 


UNIX  . 

equipment  r  i..*^ 

Keyboards  offtv3t^ "  X^.,,  _ 

'•'ten  •  Switches  *  C?,,..  * 


Pagers 


^••age  equipment 


Fax  machines 

Inals  •  PDA  •  Bar 


■  o< 


Circuits  phones  *  Two-way  radios  •  Telephony 

Warrantiee<^U*^ment  *  telecommunications  equipment  •  Monitors 

,  Keyboards  •  Network  printers  •  Hubs  •  Network  repeaters 
code  scar  ■'  *_  .  .  ...  ,  .  ,Y  .  _  *'«  phones  •  Two- 

..Routers  •  Switches  •  Network  cards  •  video  cards  ■  Audio  cards  •  Data 
way  radi  _.  ,  _  .  _.  ,  ,  .  __  „«.«*  boards  •  Network 

storage  equipment  •  Circuits  •  Modems  •  Drivers  •  Disk  drives  •  CD-ROM  .  , 

f.nn.e.5  jjr|ves  .  pax  machines  •  Warranties  •  Chargeback  •  PDA  •  UNIX  servers  •  Desktops  03  5  33 

storage  <  3  r 

Chargeb; 


**■£*•«** . 

°p«, 

Warranties  ' 


,»bi*bi>  -  Pagers  •  Mobile  phones  •  Two-way  radios  •  Telephony  equipment*6™*0  E® 

pe^,°ri  Telecommunications  equipment  •  Monitors  •  Keyboards  •  Network  printers  •  Hubs  •  Network  >rn3ance  °  ^ai^  ^  A 
. n  erPr  repeaters  •  Routers  •  Switches  •  Network  cards  •  Video  cards  •  Audio  cards  •  Data  storage  *  ermma  *  o  £ 

Tei^  ^°<,e<iu*P,nen'  *  Circuits  •  Modems  •  Drivers  •  Disk  drives  •  CD-ROM  drives  •  Fax  machines  ^bs^Networlf  ’  $ 
re  eater  yyarrant'es  *  Chargeback  •  Technology  Migrations  •  Vendor  Contracts  Development  Software  <~jrcujts  jyjojgfns  £  «J 
Drivers^°CUment  Management  Software  •  Networking  Software  •  Software  Utilities  •  Communication  Sgvers  oes|rto  s  S'  ® 

.  Software  •  Operating  Systems  •  Performance  Software  •  Enterprise  Software  Agreements  ~  .  „p  jf  i 

Software  License  Agreements  •  PDA  •  UNIX  servers  •  Desktops  •  Laptops  •  Terminals. ^of39*r*e  boards6  *  ^ 


jcking  stations  •  UNIX  servers  •  LINUX  servers  •  Pagers  .  ,  .  -  _  <  J? 

_  ,  .  _.  ,  .  J*  Audio  cards  •  Oata  Jg  £ 

radios  •  Telephony  equipment  •  Telecommunications  .  ..  c  c 


Ne^workPDA  *  Bar  c°de  scanners  •  Docking  stations  • 

stora  e  Mobile  phones  •  Two-way  radios  •  Telep..w..j  -  iBnvwuiiNumuiuuin^^  Warranties 

r,  9  equipment  •  Monitors  •  Keyboards  •  Network  printers  •  Hubs  •  Network  repeaters  q.  e 

<-  Routers  •  Switches  •  Network  cards  •  Video  cards  •  Audio  cards  •  Data  storage060  enagemen  ^  ^ 

_°X'ar' equipment  •  Circuits  •  Modems  •  Drivers  •  Disk  drives  •  CD-ROM  drives  •  Fax  machines  "mS  e  ormance  0  ^ 
^  Warranties  •  Chargeback  •  PDA  •  UNIX  servers  •  Desktops  •  Laptops  •  Terminals  •  PDA,WVafe  ,  9reernen  s  £  £ 

P Bar  code  scanners  •  Docking  stations  •  UNIX  servers  •  LINUX  servers  •  Pagers^  .  Jr 

.i^, ^Mobile  phones  •  Two-way  radios  •  Telephony  equipment  •  Telecommunications  ,  mJLiA  ^  f 
■1 _ :a. _  1/ _ l. _ ki.A.. _ j. _ !_» _  u..l.  ai.i_ _ _  Muds  *  Network  b  > 


equipm  e_uj_ment  ,  Monitors  •  Keyboards  •  Network  printers  •  Hubs  •  Network  repeaters  c 

rcPerT  *  Routers  ‘  Switches  ‘  Network  cards  *  Video  cards  ‘  Audio  cards  •  Data  ora9®  aciuipment  ^  o 
,rCU  *  storage  equipment  •  Circuits  •  Modems  •  Drivers  •  Disk  drives  •  CD-'**  °p9e  &  Ar 
_  ROM  drives  •  Fax  machines  •  Warranties  •  Chargeback  3nr'®rs  outers  ^ 

Is  W' ^oftwai  JeC*1n°*°9y  Migrations  •  Vendor  Contracts  •  Development^^  ^  ^ 

PDA  •ow  e(W  0  a,fc  Software  ** - *  ** - *  - ware*  o  are  .f 

>  ^0..  License  . 


Severs 


UNIX 
Deskt 
Termif 

Audio  cards 


PDA  t0pS  *C'*.  y*  Bor  codftCom01l,niCat  0ri  0Sof'War6  •  °perat,n9.  LINUX  server,  *§ 
-ode  Ol  *otI.  _  Systems  •  Performance  Software  _  .  ,  £  Q- 

-te/w  Pagers  ^  .  .  ^s  -  Telephony  p  -3 

Enterprise  Software  Agreements  £  3 

-r.  X>-4,  UNIX  Severs  -  Desktops f°'  * „M°n,,r  fl 

'  UNU*  -ony  VV  Keyboan..  ^  .  Tormlnals -b*  -  Network  g-O 

UNIX  server  •  Desktops  •  Laptops  \  -i  repeaters  ^  code  Kanners  «*'  Network  »  f 

Terminals  •  PDA  •  Bar  code  scanners  'As  vA.  cards  *Vi-  p  a  «  «  r  e'°  carcis  *  Data  j?  m 

t  •  Circuits  c 
Ivers  •  Disk  ^  (j 
t,D-ROM  drives  £  / 


•  Document  Management  Software  .  c  a? 

. .  .  .  .  _  ..  ®  ........  oftware  License  o 

Networking  Software  •  Software  Utilities  _ _  ^  Sr 


serve1 
Mobi»  Agreements 

equip 
Keybr 

Route1  Docking  stations 


UNIX  servers  •  LINUX  servers 


•>ters 


Oata 


Pagers 
PDAs, 


storage 

Modems 
drives 


storar  Pagers  •  Mobile  phones  •  Two-way  radios  •  Telephony  OOM  /VSft 

drive*  equipment  •  Telecommunications  equipment  •  Monitors  '-lops 
Laptops  Keyboards  •  Network  printers  •  Hubs  •  Network  repeaters  •  Routers  <NUX 
servers  •  P,  Switches  •  Network  cards  •  Video  cards  •  Audio  cards  •  Data  storage  ~\ent  v^’/v 

Telecommunications  •quiP™"rt  •  Circuits  .  Modems  .  Drivers  .  Disk  drives  .  CD-ROM  drives  ,,c„  p  D  A 

Routers  •  Switches  •  Notwv  Fax  machines  .  Warranties  •  Chargeback  •  PDA  •  UNIX  Servers  .  Desktops  uems  *0^ 

Driver.  .  Disk  drives  •  CD-ROM  dr.  Lap*°Ps  1  Terminals  .  PDA  .  Bar  code  scanners  .  Docking  stations  .  UNIX  'ontracts1 
Development  Software  .  Document  Ma,.  st,rvfrs  '  UNUX  servers  .  Pagers  •  Mobile  phones  .  Two-way  radios  Software 


Fax  machines 
Warranties 


jP  *0 
o  c 


Operating  Systems  •  Performance  Software  Telephony  equipment  •  Telecommunications  equipment  •  Monitors  .y  SevW5 
Desktops  •  Uptops  •  Terminals  ■  PDA  ■  Bar  code  sc  Keyboards  .  Network  printers  -  Hubs  •  Network  repeaters  ■  Routers  „ne3 
Two-way  radio,  .  Telephony  equipment  Telecommur.  Switches  ■  Network  card,  .  Video  card,  •  Audio  cards  .  Date  storage  f 

ropeetors  .  Routes  •  Switches  •  Network  -awfa  -  Video  c  «R“ipment  .  Circuits  .  Modems  ■  Drivers  .  Disk  drives  .  CD-ROM  iy„,  £ 
*%,  Disk  drives  .  CD-ROM  drives  .  Fax  m  s.  Warranties  driues  *  Fax  machines  •  Warranties  •  Chargeback  •  Technology  ,jna|s  _•*- ' 
PDA  •  Bar  code  scanners  •  Dock  PDA  UNIX  se, vers  Migrations  •  Vendor  Contracts  .  Development  Software  ,dio,  ^  o‘ 


Telephony  equipment  r  Laptops  s  equipment  ■  M.  D°cumant  Management  Software  •  Networking  >vork  ^ 
%  repeaters  .  Router,  Desktops  xds  •  Video  earn.  Software  .  Communication  Software  ,cu|tJ  <t1 
'dp  Modem,  •  Ori-  Operating  software  drives  .  Fax  mac.  °P«cating  Systems  ■  Performance  j|ogy  w*/ 
Migrations  ..T.locommunlcatlons  Software  .  Docun.  Software  .  Enterprise  Software  fk)ng 

Software  •  So.  equipment  •  Monitors  .  Software  •  Operate  Agreements  •  Software  w ....  JT  C1 

.  ...  .  I  laAisew  A - -  Js 


Enterprise  Sv  Keyboards  •  Network  ,oftware  License  Agreei.  Licens®  Agreements  ware  > 
Agreements  •  printers  •  Hubs  agreements  *  PDA  •  UNIX  Sevu  c.^  n  °  l  o  9  ?  jtops  ^  .c? 


Agreements  *  printers  •  Hubs  Agreements  »  PDA  •  UNIX  Sev^  '^cnnoiogy  jt0pS 
k  Termioc  Routers  code  scanners  •  Oocking  stations  •  UN.  Mi9rations  .MUX 


a 7 


servers  •  PDA  Mobiie  phones  •  Two-way  radios 


Key  jards  j? 
Switches  4r  ,-y" 


^  equipment  eiecommunications  equipment  •  Monitors 
Network  printers  •  Hubs  •  Network  repeaters  •  Routers 

Network  cards  «  Video  cards  •  Audio  cards  •  Data  storage  <je 
equipment  •  Circuits  Modems  *  Drivers  •  Disk  drives  -  CD-  ^5?  a* 
ROM  drives  *  Fax  machines  Warranties  •  Chargeback 
PDA  *  UNIX  Servers  •  Desktops  •  Laptops  • 
Terminals  •  PDA  •  Bar  code  scanners  •  Routers  £"  J? 
Switches  •  Network  cards  •  Video  cards 
Audio  cards  *  Data  storage  & 
Development  Software 
Document  Management  <5® 

Software  •  PDA 
v  .  0,  Networking  if 
Software 


%  V 

'v 


A*  b° 


Whether  you're  a  local  company  with  hundreds  of  IT  assets  or  a  global  business  with  hundreds  of 
thousands,  the  point  is  clear:  IT  assets  are  essential  to  business  and  growing  more  significant  by  the  day. 
Make  them  more  accountable  and  they'll  work  harder  toward  your  bottom  line.  To  find  out  more  about 
our  strategic  asset  management  solutions  for  IT,  visit  make-it-all-count.com/ITAM  or  call  800-244-3346. 


mro  software 

make  it  all  count 


Copynght  2003-2004  MRO  Software,  Inc.  All  rights  reserved.  MRO  Software  is  a  trademark  of  MRO  Software,  Inc.  Other  products  and  brand  names  are  trademarks  or  registered  trademarks  of  their  respective  companies. 


CIO  ENTERPRISE 
VALUE  RETREAT 

AWARDS  CEREMONY^ 

hfr  FEBRUARY  8  -  10,  2004 

m  TRUMP  INTERNATIONAL  SONESTA  BEACH  RESORT 

^  SUNNY  ISLES  BEACH,  FLORIDA 


IT’S  ALL  ABOUT  I.T.  VALUE 

This  is  the  event  for  CIOs  who  are  concerned  with 
articulating,  delivering  and  demonstrating  the  value  IT 
brings  to  the  enterprise.  While  some  pundits  say  IT  is  only  a 
commodity,  we  believe  IT  continues  to  be  at  the  forefront  in 
increasing  your  competitive  advantage.  To  give  you  more 
ways  of  looking  at  IT  value,  we  incorporate  research  and  case 
studies  from  Peter  Weill’s  work  at  MIT  Sloan  School  of 
Management.  We  put  you  together  with  CIOs  who  are  the 
winners  of  this  year’s  CIO  Enterprise  Value  Awards. 

And  we  give  you  the  opportunity  to  learn  from  each  other. 


Call  800.355.0246  or  visit  us  at  www.cio.com/conferences 


‘The  discussion  and 
information  exchange 
with  peers  is  invalu¬ 
able.” 


Robert  Odenheimer, 
SVP,  IT  Operations, 
Magellan  Behavioral  Health 


“The  content  presented 
by  Peter  Weill  was  an 
excellent  framework  to 
discuss  current  chal¬ 
lenges  with  a  very 
interesting 
peer  group.” 

Chris  Acton.  Global  IS, 
Rio  Tinto  Borax 


“Lessons  learned  are 
not  the  usual  aca¬ 
demic  fare,  but  the 
subtleties  of  the  cul¬ 
tural  and  technological 
minefields.” 

Evelyn  Lockett  Woods, 
EVP/CIO,  Joint  Commission  on 
Accreditation  of  Healthcare 
Organizations 


Call 

800.355.0246 
or  visit  us  at 
www.cio.com/ 
conferences 


Retreat  Moderator 

Peter  Weill 

Director,  Center  for 
Information  Systems 
Research,  MIT  Sloan 
School  of  Management 


The  Case 
Studies 

Peter  Weill  once  again  presents 
new  findings  and  case  studies 
from  work  with  hundreds  of 
Global  1000  companies,  focus¬ 
ing  on  three  key  areas:  IT  infra¬ 
structure  for  strategic  agility, 
effective  business  models,  and 
IT  governance. 

>  IT  Infrastructure  for 
Strategic  Agility 

Strategic  agility— the  ability  to 
implement  new  business  initia¬ 
tives  quickly  and  cost  effectively 
—will  be  an  increasingly  irnpor 
tant  capability  for  enterprises  in 
2004.  IT  infrastructure  is  one  of 
the  critical  platforms  required 
for  strategic  agility.  Investing  in 
the  right  infrastructure  at  the 
i  ight  time  enables  rapid  imple 
mentation  of  future  electroni 
cully  based  business  initiatives 
and  cost  reduction  of  current 
business  processes  i.e.,  more 
business  value.  This  session 
presents  a  Itamewot k  lor  senior 
executives  to  view  I T  infrastruc¬ 
ture  in  business  terms  and  to 
lead  in  making  investment  deci 
sinus.  Weill  i  I  lust  i .  it  es  how  firms 
successfully  implement  and 
exploit  1 1  u mi  1 1  inli  astruclures 
willi  several  case  studies. 

>  Do  Some  Business  Models 
Perform  Bcller 

than  Olliers? 

In  an  ineie.isingly  connected 
hi isii less  world  the  In isiness 
model  what  a  In  m  t lues  and 


how  they  make 
money— is  a  critical 
strategic  decision. 
Understanding  what 
business  models  are 
used,  how  they  are 
combined,  and  which 
are  most  successful 
is  important  for  every  senior 
manager.  In  addition,  firms 
implementing  each  model  use  IT 
differently— resulting  in  different 
IT  portfolios.  This  presentation 
provides  a  new  and  powerful 
way  to  analyze  a  firm's  business 
model  and  then  think  about  the 
IT  needs. 

>  IT  Governance  Workshop 

In  response  to  strong  interest  in 
last  year  's  session  on  IT  gover¬ 
nance,  Weill  leads  a  workshop 
on  how  top  performers  govern. 
He  presents  case  studies  and 
insights  from  MIT  CISR's  study 
of  effective  IT  governance  in  256 
enterprises  in  23  countries.  A 
framework  is  presented  in  this 
workshop  to  analyze  and  com 
rnunicate  governance,  illns- 
I rated  with  cases  sti  idles  of  top 
performers. 

>  Monday’s  Case  Study 
Workgroups 

Monday  at  lunch  we  divide  into 
small  groups  to  investigate  the 
link  between  I >i isiness  st rategy 
and  1 1  infrastructure  in  a  new 
case  study.  The  case  is  based  on 
a  global  multi  business  unit  firm 
in  the  healtht  me  industry  mov 
mg  from  a  lully  decentralized 
approach  to  infoi  matiori  lech 
oology  to  pioviding  some  lit  m 
wide  I  I  ii  iltar.lt u<  lure.  I  ho 
(  hallenge  lot  youi  group  is  to 
,k tvi'.c  the  i icwly  a| ipuinlot I  CIO 
t  Jr  oi  i|  is  will  repoi  I  I  rat  k  with 
llicii  recommend. .tlions. 


The  Enterprise 
Value  Award 
Winners 

>  Conversations  with 
This  Year’s  Winners 

We  offer  breakout  sessions  with 
this  year’s  winning  organiza¬ 
tions.  It’s  your  chance  to  talk  at  a 
more  intimate  level,  discuss 
their  particular  case  in  more 
detail  and  take  away  lessons  you 
can  apply  to  your  own  organiza¬ 
tion  back  home. 

•  Academic  Management  Services 

•  Ace  Hardware  Corporation 

•  Chicago  Police  Department 

•  Continental  Airlines 

•  Dell  Computer 

•  Guardian  I  ife  Insurance  Company 
of  America 

•  Korn/Ferry  International 

•  Pfizer  Global  Research  & 
Development 

•  Procter  &  Gamble  Company 

•  WorldspanLP 

>  The  Value  Proposition 

Our  panel  of  CIO  Enterprise 
Value  Award  winners  talks  about 
the  ongoing  difficulty  inherent  in 
demonstrating  and  delivering  I T 
value.  How  do  you  convince  your 
CEOs,  CFOs  and  COOs-who 
may  think  1 1  is  just  a  commodity, 
a  utility  I  hat  its  intelligent 
application  and  deployment  can 
ami  does  indeed  hr  mg  strategic 
value  to  the  business. 

)  Monday  Night’s  Gala 
Awards  Ceremony  &  Dinner 

We’ll  announce  the  winner  of  the 
Grand  CIO  I  irlei  pr  ise  Value 
Awaul  and  honor  all  lire  win 
nee.  in  I  lie  indusliy  r  ategor  les  at 
.  1 1 rlaek  he  i  ei  e|  il  k  >n,  awai  <  Is 
ceremony  and  dinner. 


The  Peer 
Networking 

CIOs  tell  us  it’s  as  important  to 
have  opportunities  to  meet 
informally  with  their  peers  as  it  is 
to  participate  in  the  Retreat 
sessions.  We  give  you  more 
opportunities  to  meet  and  learn 
from  more  of  your  peers  over 
three  days.  And  we’re  happy 
to  hook  you  up  with  other 
attendees  or  corporate  sponsors 
you’d  like  to  meet. 


This  year’s  Enterprise  Value  Retreat 
Awards  Ceremony  is  proudly 
underwritten  by 

<  bmesoftware 

Sponsored  by 


cigital 


**05  in'* 

COMPUWARE. 


Deloitte. 


O  SupportSoft 

FJSAVVIS 


TRUST  THE  NETWORK  THAT  POWERS  WALL  STREET 

TO  EMPOWER  YOUR  BUSINESS.  ‘ 


mmmm 


a  division  of  OD  NCR 

Presented  by 


The  Resource  for 
Information  Executives 


Your  potential.  Our  passion. 


m .  ^ 


You've  got  inventory  covered.  You've  got 
shipping  covered.  What  about  surprises? 

Questions  are  everywhere.  Insight  is  not.  Making  important  decisions  is  your  job. 
Delivering  the  insight  to  help  you  make  smarter  decisions  is  ours.  With  business 
applications  from  supply  chain  management  to  manufacturing,  we  have  tire 
experience  and  resources  to  help  you  succeed  in  a  business  world  where  the  only  thing 
r  ertain,  is  uncertainty  To  learn  more,  visit  microsoft.com/BusinessSolutions/lnsight 


Microsoft 

Business 

Solutions 


Financial  Management  Customer  Relationship  Management  Supply  Chain  Management  Analytics 


www.cio.com  •  JANUARY  15,  2004  CIO  53 


★ 


★ 


* 


★ 


★ 


kc 


★★★THE  N  EXT*** 


PRESIDENTS 


'  ■•  & ' 


dfsai#-4t 


by  BEN  WORTH  eh 


x 


k-.  ■• 


i 


m 


i 


i>* 


★★★THE'*'** 

POLICIES 


As  most  CIOs  know,  government  policies 
have  a  major  impact  on  corporate  IT. 


Yet  in  presidential  politics,  the  connection 
between  policy  and  IT  has  gone  largely  unac¬ 
knowledged.  Recent  laws,  however,  have 
brought  the  link  between  policy  and  IT  to  the 
forefront,  making  it  impossible  to  ignore  any 
longer.  For  example,  the  Sarbanes- Oxley  Act, 
which  established  new  corporate  reporting 
regulations,  forced  companies  to  reevaluate 
the  way  they  manage  financial  data  and  in 
many  cases  overhaul  the  systems  that  handle 
it.  The  Health  Insurance  Portability  and 
Accountability  Act  (HIPAA)  and  the  Gramm- 
Leach-Bliley  Act  mandated  that  health  and 
financial  organizations  follow  rigid  informa¬ 
tion  privacy  and  security  practices.  And  that’s 
just  the  tip  of  the  proverbial  iceberg. 

Technology  is  on  the  agenda  this  election.  It 
will  not  be  its  own  issue,  but  rather  one 
embedded  in  other,  overarching  themes.  “IT 
issues  are  not  packaged  in  a  way  that  finds  a 


voice  in  national  elections,”  says  Jonathan 
Zittrain,  codirector  of  the  Berkman  Center  for 
Internet  &  Society  at  Harvard  Law  School. 
“There  are  other  political  issues  that  are  easier 
to  understand  and  have  been  better  shaped 
and  lobbied  for.  ”  As  a  result,  CIOs  will  have  to 
examine  a  candidate’s  stance  on  numerous 
issues  to  get  a  clear  picture  of  his  overall  IT 
policy.  “You  don’t  have  to  be  a  political 
junkie,”  says  Sue  Kozik,  executive  vice  presi¬ 
dent  and  CTO  of  TIAA-CREF.  “But  I  believe 
it  is  vitally  important  to  keep  abreast  of  the 
candidates’  positions  on  issues.” 

The  economy,  Iraq  and  a  score  of  other 
issues  will  likely  dominate  the  presidential 
campaigns  and  may  well  be  the  decisive  fac¬ 
tors  in  your  vote.  But  technology  issues,  says 
Zittrain,  are  important  enough  that  candi¬ 
dates  should  have  well-developed  positions 
on  subjects  such  as  the  future  of  hardware  and 


software,  privacy,  corporate  governance  and 
offshore  outsourcing  (see  Page  60  for  candi¬ 
date  profiles).  As  such,  the  next  administra¬ 
tion  will  have  the  most  profound  effect  on  the 
future  of  U.S.  IT  departments  yet.  “Each  elec¬ 
tion  going  forward  has  an  ever-increasing 
impact  on  CIOs  because  the  technology  that 
runs  America  is  continuing  to  evolve  and 
affect  more  facets  of  our  lives,”  says  Kozik. 
“The  government — and  all  candidates — are 
playing  an  increasingly  vocal  role  in  com¬ 
menting  on  or  influencing  technology  usage.” 

Here  we  present  an  overview  of  five  of  the 
most  important  IT  policy  issues  and  how  the 
next  administration  could  shape  them.  Know¬ 
ing  the  next  president’s  options  will  help  you 
understand  what  each  policy  will  mean  for  the 
future  of  IT  and  business,  and  the  country  as 
a  whole.  (For  more  on  what  you  can  do,  see 
“Three  Steps  to  Getting  Heard,”  Page  58. ) 


CRITI 


The  Agenda 

When  it  comes  to  critical  infrastructure,  there  are  two  issues:  homeland 
security  and  information  security.  They  are,  of  course,  related— if  every  com¬ 
pany’s  critical  infrastructure  were  100  percent  secure,  then  information 
security  regulations  would  be  unnecessary.  While  the  national  cybersecurity 
policy  calls  for  closer  cooperation  between  the  private  and  public  sectors 
with  each  passing  year,  the  government  has  so  far  resisted  the  urge  to  issue 
any  cybersecurity  requirements.  The  next  president  will  have  to  decide 
whether  the  private  sector  can  achieve  an  acceptable  level  of  cybersecurity 
on  its  own,  or  if  the  government  should  set  the  standards  itself. 


The  Problem 

The  centerpiece  of  the  government’s  information  security  initiatives  is  the 
Department  of  Homeland  Security’s  National  Strategy  to  Secure  Cyberspace. 
Although  it  outlines  the  steps  that  the  public  and  private  sector— as  well  as  indi¬ 
viduals— can  take,  when  it  comes  right  down  to  it,  it  is  simply  a  policy  paper. 
Meanwhile,  the  threat  to  both  businesses'  and  the  country’s  IT  infrastructure  is 
growing.  The  frequency  of  viruses  and  other  cyberattacks  continues  to  hit  new 


www.c/o.com  •  JANUARY  15,  2004  CIO  55 


POLICIES 


highs,  and  such  incidents  are  becoming  increasingly  sophisticated.  The 
FBI  reports  that  identity  theft,  which  is  enabled  by  breakdowns  in  infor¬ 
mation  security,  is  now  one  of  the  fastest-growing  crimes.  And  although 
the  government  keeps  telling  us  another  terrorist  attack  is  inevitable,  the 
General  Accounting  Office  warns  that  data  centers  aren’t  prepared. 

The  Politics 

To  date,  both  Democratic  and  Republican  presi¬ 
dents  have  been  reluctant  to  dictate  security 
standards.  "We  would  never  rule  it  out,  but  it 
would  have  to  be  a  last  resort,"  says  Robert  Atkin¬ 
son,  director  of  the  Technology  and  New  Econ¬ 
omy  Project forthe  Progressive  Policy  Institute,  a 
think  tank  affiliated  with  the  Democratic  Leader¬ 
ship  Council.  “We  have  a  pretty  long  history  in 
this  country  of  private-sector  companies  working 
out  standards.”  But  there  is  a  precedent  for  government  intervention 
when  there  is  significant  public  interest.  HIPAA,  which  requires  health 
information  providers  to  take  steps  that  ensure  data  integrity  and  confi¬ 
dentiality,  is  an  example.  HIPAA  doesn’t  endorse  specific  technologies; 
it  just  says  that  companies  must  meet  baseline  requirements.  In  all  like¬ 
lihood,  HIPAA  would  be  the  model  forfuturedata  security  legislation. 

Although  H I  PA  A  had  to  be  passed  by  Congress,  the  president’s  actions 


can  have  a  direct  impact  on  CIOs.  For  example,  the  president  could  man¬ 
date  that  any  company  that  does  business  with  government  agencies, 
ranging  from  the  FDA  to  the  DoD,  needs  to  clear  a  minimum  information 
security  threshold.  Such  a  mandate  would  encompass  most  companies 
in  the  country.  Joe  Duffy,  global  leader  of  PricewaterhouseCoopers’  secu¬ 
rity  and  privacy  practice,  says  companies  could  be 
forced  to  meet  firewal  I  standards,  put  controls  in 
place  that  dictate  who  can  access  what  system  and 
data,  and  adhere  to  patch-management  policies. 

Every  iteration  of  the  national  cyberstrategy 
has  tried  to  foster  private-  and  public-sector  col¬ 
laboration.  Initially  the  government  asked  that 
companies  voluntarily  disclose  cyberattacks.  In 
2001,  the  government  developed  the  current  sys¬ 
tem,  which  relies  on  security  contractors  to  report 
attacks.  If  this  system  doesn’t  work,  the  govern¬ 
ment  will  be  tempted  to  require  companies  to  report  breaches.  Califor¬ 
nia  already  has  a  law  that  requires  companies  to  notify  residents  when 
their  personal  data  has  been  subjected  to  unauthorized  access,  and 
similar  legislation  has  been  introduced  in  Congress.  The  goal  of  such 
legislation  is  to  force  companies  to  upgrade  their  infosec  procedures. 
Since  California  has  the  largest  congressional  delegation,  its  laws 
often  get  on  the  national  agenda. 


★  CRITICAL* 
INFRASTRUCTURE 

Should  the  government 
develop  standards  for 
corporate  cybersecurity? 

54%  Yes  46%  No 

SOURCE:  CIO  Best  Practice  Exchange  survey  of 
94  senior-level  IT  executives.  November  2003 


Perhaps  the  one  IT-related  topic  guaranteed  to  show  up  in  campaign 
speeches  is  offshoring.  Companies  looking  to  save  money  are  laying 
off  Americans,  and  either  replacingthem  with  lower-paid  foreign  work¬ 
ers  on  specialty  visas  or  outsourcing  the  work  to  overseas  companies 
that  can  do  it  for  a  fraction  of  the  cost.  The 
president  will  have  to  decide  whether  to  take 
steps  to  curb  offshore  outsourcing,  thus  pro¬ 
tecting  U.S.  technology  jobs;  to  invest  in  pro¬ 
grams  to  retrain  out-of-work  IT  workers;  or  to 
simply  let  the  free  market  sort  itself  out. 

The  Problem 

The  offshoring  trend  has  provoked  a  back¬ 
lash  from  technology  workers,  who  have 


begun  to  hold  organized  protests  and,  in  some  cases,  unionize.  If  the 
job  market  doesn’t  improve  between  now  and  the  November  election, 
“opponents  are  going  to  hit  the  Bush  administration  about  where  the 
jobs  have  gone,”  says  Matthew  Slaughter,  a  Dartmouth  College  asso¬ 
ciate  professor  of  business  administration  who  specializes  in  econ¬ 
omics  and  public  policy  management.  "Exhibit  A  is  goingto  be 
offshoring,  and  they  will  trot  out  anecdotes  about  how  it  is  hitting 
college  graduates.” 

Even  offshoring  advocates  realize  that  it  is  a  sensitive  issue— and 
one  that  the  president  could  influence  with  a  single  pen  stroke.  "Don’t 
kid  yourself,”  says  Harris  Miller,  president  of  the  Information  Technol¬ 
ogy  Association  of  America  (ITAA),  a  trade  group  for  the  IT  industry 
that  supports  offshoring.  "There  are  things  that  the  government  can 
do  to  screw  up  the  offshore  world," 

The  Politics 

Economists  are  split  on  offshoring’s  short-term  impact  on  the  econ¬ 
omy.  Short-term,  however,  could  mean  30  years,  which  is  eons  in  poli¬ 
tics.  Policy  decisions  are  made  on  what  is 
happening  now,  and  right  now  the  plight  of  dis¬ 
placed  IT  workers  is  gaining  attention.  Currently 
at  least  six  bills  in  Congress  would  roll  back, 
restrict  or  eliminate  the  use  of  L-l  or  H-1B  visas, 
two  programs  that  allow  foreigners  to  work  for 
companies  in  the  United  States  and  are  consid¬ 
ered  key  to  successful  offshoring.  Meanwhile,  New 
Jersey's  legislature  passed  a  bill  outlawing  state 
agencies  from  sending  work  offshore,  and  several 


'Ar  JOBS  ★ 

Should  the  government  do 
anything  to  preserve 
ITjobsintheU.S.? 

69%  Yes  31%  No 

SOURCE:  CIO  Best  Practice  Exchange  survey  of 
94  senior-level  IT  executives,  November  2003 


56  CIO  JANUARY  15,  2004  •  www.cio.com 


other  states  have  considered  similar  measures.  No  state  or  federal 
outsourcing  bill  has  become  law,  however,  which  offshoring  critics  say 
is  an  indication  of  powerful  pro-business  lobbyists.  Nonetheless,  any 
move  that  limits  offshoring  would  change  most  CIOs’  hiring  and 
sourcing  practices. 

A  president  determined  to  curb  offshoring  could  do  so  by  propos¬ 
ing  that  the  government  will  award  contracts  only  to  companies  that 
keep  the  work  in  the  United  States.  If  offshoring  opponents  are  elected 
to  Congress,  they  could  take  any  number  of  steps  to  slow  the  job  exo¬ 
dus,  such  as  sponsoring  legislation  to  shut  down  the  H-1B  and  L-l  visa 


programs.  (Congress  letthe  H-1B  quota  slip  to  65,000  from  195,000 
last  October.)  A  possible,  but  less  likely,  scenario  is  that  in  the  next  few 
years  there  will  be  a  sufficient  enough  outcry  that  companies  will  be 
given  tax  breaks  to  keep  jobs  stateside,  much  like  how  the  agriculture 
and  steel  industries  are  subsidized  today. 

Even  a  president  who  supports  offshoring  will  need  to  develop  poli¬ 
cies  to  help  retrain  the  IT  workforce.  The  ITAA,  for  example,  calls  for 
the  creation  of  a  National  Center  for  IT  Workforce  Competitiveness, 
which  would  spot  future  IT  trends  and  help  communicate  them  to  cur¬ 
rent  and  future  workers. 


Privacy  legislation  tends  to  follow  the  same  pattern:  Technology 
evolves,  allowing  data  to  be  shared  more  easily,  and  then  the  public 
reacts  negatively.  Congress,  in  turn,  passes  a  law  limiting  how  data 
can  be  shared.  It  happened  with  HIPAA,  which  limits  access  to  patient 
health  records,  and  it  happened  with  Gramm- 
Leach-Bliley,  which  limits  how  financial  services 
companies  can  use  the  data  they  collect.  As  tech¬ 
nology  evolves  and  facilitates  data  proliferation, 
the  public  will  be  looking  for  privacy  laws  to  evolve 
as  well.  The  next  president  will  have  to  decide 
where  to  draw  the  line  between  industry  self¬ 
regulation  and  government  intervention.  Sections 
of  the  Patriot  Act  will  expire  in  2005  and  will  need 
to  be  renewed  during  the  next  administration.  (For 
more  on  the  Patriot  Act,  read  “What  to  Do  When 
Uncle  Sam  Wants  Your  Data,"  available  at 
www.  c/o.  com/printlinks . ) 

The  Problem 

There  is  a  conflict  between  the  United  States’  long 
history  of  private-sector  self-regulation  and  recent 
privacy  laws.  While  privacy  protection  is  huge  with 
the  public,  the  U.S.  government  has  stopped  short  of  regulating  the  pri¬ 
vacy  policies  of  organizations  otherthan  health-care  providers  and 
financial  services  companies.  Some  individual  state  laws  and  some 
European  laws  go  further,  however.  And  with  every  high-profile  privacy 
violation,  the  cries  for  national  privacy  legislation  grow  louder,  says 
Pamela  Fredericks,  senior  security  consultant  for  Forsythe  Solutions. 


Meanwhile,  the  Patriot  Act— which  proponents  say  is  essential  to  fight¬ 
ing  terrorism,  but  critics  say  infringes  on  civil  liberties— is  turning  into 
one  of  the  most  divisive  issues  in  Congress  and  the  current  administra¬ 
tion.  For  instance,  there  are  multiple  bills  in  Congress  that  would  amend 
or  rescind  some  provisions  of  the  Patriot  Act.  And  while  Attorney  Gen¬ 
eral  John  Ashcroft  went  on  a  goodwill  tour  last  summer  to  promote  the 
current  law,  the  Democratic  candidates  frequently  rail  against  it. 

The  Politics 

As  with  security,  the  president  can  force  companies  to  adopt  new  pri¬ 
vacy  practices  by  imposing  requirements  on  companies  dealing  with 
government  agencies.  An  area  where  the  president  may  have  control 
over  privacy  practices  is  in  negotiating  with  the  European  Union, 
which  already  has  strict  privacy  laws  regulating  the  collection  and 
sharing  of  personal  information.  In  2000,  the  United  States  and  the 
EU  agreed  to  a  Safe  Harbor  provision  that  allowed  American  compa¬ 
nies  doing  business  with  Europe  to  simply  meet  a  compromise  ver¬ 
sion  of  the  EU  regs.  According  to  the  Department 
of  Commerce,  more  than  400  U.S.  companies 
have  certified  that  they  meet  this  standard.  But 
negotiations  are  ongoing;  a  president  looking  for 
a  privacy  quick-hit  could  reopen  the  Safe  Harbor. 

The  next  president  will  also  have  to  contend 
with  a  Congress  divided  on  data  privacy  issues, 
and  will  emerge  as  an  advocate  foreitherfurther 
privacy  laws  or  business  self-regulation.  Again, 
California  provides  the  pro-privacy  model. 
Gramm-Leach-Bliley  is  an  opt-out  law;  financial 
institutions  can  continue  to  use  customer  data  as 
they  see  fit  unless  a  customertellsthem  notto.  In 
2003,  California  passed  an  opt-in  law  for  financial 
conglomerates  preventing  them  from  sharing  a 
California  resident's  personal  information  with¬ 
out  his  consent.  The  state  law,  scheduled  to  go 
into  effect  in  July  2004,  was  preempted  by  a  fed¬ 
eral  credit-reporting  law  enacted  at  the  end  of  2003.  Conflicting  state 
laws  put  companies  in  a  difficult  position:  They  will  either  have  to  dra¬ 
matically  change  all  of  their  data  management  practices  or  "come  up 
with  50  different  privacy  policies  for  50  different  states,"  says  Debo¬ 
rah  Birnbach,  a  lawyer  who  specializes  in  technology-related  litiga¬ 
tion  at  Testa,  Hurwitz  and  Thibeault. 


★  PRIVACY  ★ 

What  is  the  biggest 
threat  to  the  privacy  of 
personal  information? 

45%  Corporate  collection  of  or 
error  in  corporate  collection 
and  use  of  personal  data 

35%  Hackers 

15%  Government  collection  of  or 
error  in  government  collection 
and  use  of  personal  data 

6%  Terrorists 

SOURCE:  CIO  Best  Practice  Exchange  survey  of 
94  senior-level  IT  executives,  November  2003 


www.cio.com  •  JANUARY  15,  2004  CIO  57 


POLICIES 


explain  to  companies  what  the  law  actually  means.  The  SEC  has  been 
at  it  for  more  than  a  year  now,  bouncing  between  aggressive  and  loose 
interpretations,  leaving  CIOs  and  other  executives  as  confused  as  ever. 


The  Agenda 

One  of  the  hottest  issues  currently  facing  the  business  and  IT  community 
is  the  Sarbanes-Oxley  Act,  which  requires  increased  diligence  for  finan¬ 
cial  reporting  and  holds  top  executives  accountable  for  misstatements. 
The  next  president  will  have  to  decide  how  strictly  to  enforce  the  current 
regulations  and  determine  if  more  aggressive 
measures  are  necessary.  The  impact  of  this 
decision  on  CIOs  is  huge.  Financial  data 
passes  through  IT  systems;  any  further  regu¬ 
lations,  or  strict  enforcement  of  current  ones, 
would  likely  require  companies  to  undertake 
costly  projects  to  integrate  these  systems. 

There  would  be  less  IT  burden  under  a  presi¬ 
dent  who  favors  a  lax  interpretation  of  the  cur¬ 
rent  corporate  governance  laws. 

The  Problem 

The  Sarbanes-Oxley  Act,  inspired  by  scan¬ 
dals  such  as  Enron  and  WorldCom,  sailed 
through  Congress  and  received  broad  public 
support.  Because  it  is  so  sweeping,  experts  expect  Sarbanes-Oxley  to 
still  be  the  dominant  corporate  governance  legislation  four  years  from 
now.  That  said,  its  future  is  very  much  up  in  the  air.  The  law  was  passed 
while  wounds  from  recent  corporate  accounting  scandals  were  still 
fresh.  The  rush  to  passage,  however,  resulted  in  confusing  legislation 
that  relies  heavily  on  the  Securities  and  Exchange  Commission  to 


The  Politics 

In  its  first  attempt  to  interpret  the  Sarbanes-Oxley  Act,  the  SEC  pro¬ 
posed  that  companies  identify  and  fix  all  of  the  points  where  data 
integrity  could  be  compromised.  Irwin  Kishner,  chairman  of  the  corpo¬ 
rate  law  department  at  Herrick,  Feinstein,  a  firm  whose  clients  include 
Bridgestone/Firestone  and  Hollinger  International,  says  that  an 
aggressive  interpretation  of  this  proposal  is  that  companies  would 

have  needed  to  automate  the  generation, 
handling  and  reconciliation  of  all  corporate 
data— a  decision  that  would  have  sent  CIOs 
scrambling.  The  SEC’s final  rule,  however, 
was  substantially  weaker  and  doesn’t  require 
IT  investments,  although  companies  may  still 
choose  to  make  some.  (For  more  on  the  evo¬ 
lution  of  Sarbox,  see  “A  Funny  Thing  Hap¬ 
pened  on  the  Way  to  Compliance"  at 
www.cio.com/printtinks.) 

An  administration  that  wants  to  crack  down 
on  corporate  fraud  could  fight  for  the  original 
interpretation,  which  would  force  CIOs  to 
rethink  the  manual  processes  that  sit  between 
most  automated  tasks,  for  example,  compiling 
financial  data  from  multiple  systems  in  a  spreadsheet.  Along  with  tight¬ 
ening  controls  over  financial  data,  strict  Sarbanes-Oxley  enforcement 
would  require  CIOs  to  work  with  their  legal  departments  to  craft  polices 
about  when  to  save  data  and,  more  important,  when  to  destroy  it.  In 
addition  to  spurring  new  hardware  investments,  says  Harvard’s  Zit- 
train,  enforcing  document  destruction  policies  “could  be  a  different 


★  CORPORATE  ★ 
GOVERNANCE 

Do  you  want  the  federal 
government  to  give  companies 
more  detailed  guidance  about 
the  controls  needed  in  their 
information  systems  that 
generate  financial  information? 

63%  Yes  37%  No 

SOURCE:  CIO  Best  Practice  Exchange  survey  of 

94  senior-level  IT  executives.  November  2003 


★Three  Steps  to  ★ 
Getting  Heard 

What  CIOs  can  do  to 
shape  the  future  of  IT 

Because  technology  isn’t  a  campaign  issue 
in  and  of  itself,  the  ways  that  a  CIO  can  influ¬ 
ence  campaigns  aren’t  that  different  from 
those  of  ordinary  private  citizens.  There  are 
some  things  you  can  do,  however,  to  ensure 
your  voice  is  heard. 


★  1.  Stay  informed.  Read  the  newspaper 
and  visit  candidates’  websites.  Presidential 
contenders  are  constantly  changing  and 
refining  their  stances  on  issues.  You  should 
know  where  candidates  stand  on  technol¬ 
ogy-related  issues  and,  just  as  important, 
how  much  they  talk  about  them. 


★  2.  Lobby  hard.  Unlike  most  voters,  CIOs— 
especially  those  at  large  companies— have 
direct  access  to  politicians  and  lobbyists.  Tell 
whomever  you  can  how  important  technol¬ 


ogy  issues  are  to  your  company,  and 
express  whatever  specific  concerns  you 
have.  People  in  Washington  talk,  and  it  is 
likely  that  your  comments  will  reach  the 
candidates. 


★  3.  Write  a  letter.  Take  your  cause  straight 
to  the  candidates.  Explain  to  them  that  their 
policies  will  have  a  profound  impact  on  cor¬ 
porate  IT  departments  and  tell  them  what 
you  think  they  should  do.  Including  a  dona¬ 
tion  with  your  letter  will  also  help.  -B.W. 


58  CIO  JANUARY  15,  2004  •  www.cio.com 


way  of  thinking  to  a  CIO  whose  mantra  is  backup,  backup,  backup.” 

Meanwhile,  most  companies  view  Sarbanes-Oxley  as  an  unneces¬ 
sary  burden  and  claim  that  it  won’t  stop  corporate  fraud,  which  is  a 
moral  issue  that  can’t  be  legislated.  An  administration  sensitive  to 
these  complaints  could  all  but  neuter  the  act  through  its  law  enforce¬ 
ment  priorities.  Whereas  a  president  who  favors  tight  governance 
could  request  a  large  SEC  budget  or  appoint  an  advocate  of  corporate 
reform  to  head  the  agency,  the  opposite  is  also  true.  The  next  presi¬ 


dent  could  cripple  Sarbanes-Oxley  by  cutting  the  SEC’s  budget  or 
appointing  an  opponent  of  the  law.  The  same  end  could  be  achieved 
through  less  nefarious  means. 

The  Justice  Department,  which  would  help  investigate  and  prosecute 
any  Sarbanes-Oxley  offenses,  has  limited  resources,  says  Birnbach  of 
Testa,  Hurwitz  and  Thibeault.  The  next  president  will  have  to  decide 
between  using  these  resources  to  fight  terrorism  or  enforce  Sarbanes- 
Oxley.  There  simply  isn’t  enough  money  to  do  both  effectively,  she  says. 


INFORMATION 


The  Agenda 

Unless  Bill  Gates  somehow  wins  the  election,  the 
next  president  will  not  be  personally  involved  with 
the  future  of  hardware  and  software.  However,  his 
policies  will  affect  that  future,  includingtechnology 
standards,  open-source  technology  or  how  R&D 
projects  influence  the  IT  sector.  The  direction  he 
gives  his  Cabinet  and  his  attitude  toward  these 
issues  will  determine  how  active  the  government  is 
in  setting  technology  standards,  either  through 
direct  intervention  or  indirectly  through  its  purchas¬ 
ing  power  as  the  largest  IT  consumer  on  the  planet. 

The  Problem 

Industry  groups  are  notoriously  slow  at  standard 
setting,  and  even  when  a  standard  emerges,  often 
a  competing  standard  comes  along  and  throws  a 
wrench  into  the  process.  “Right  now  security  standards  are  done  vol¬ 
untarily,”  says  Ari  Schwartz,  associate  director  of  the  Center  for 
Democracy  and  Technology.  “But  requiring  companies  to  meet  secu¬ 
rity  goals  is  gaining  traction."  Some  CIOs,  such  as  Scripps  Health's 
Jean  Balgrosky,  say  they  would  welcome  mandated  technology  stan¬ 
dards  because  the  market  has  failed  to  set  them.  Most  CIOs— and,  for 
the  most  part,  the  government— are  opposed.  "Look  at  how  much 
trouble  the  courts  and  U.S.  Patent  Office  have  trying  to  understand 
and  deal  with  the  complexity  of  the  software  and  IT  issues  that  land 
before  them,"  says  David  Reid,  CIO  of  fast-food  chain  Krystal  Co. 
"Imagine  politicians  and  bureaucrats  trying  to  codify  how  technology 
that  they  barely  grasp  is  required  to  work." 


Cast  Your  Vote 


★  INFORMATION  ★ 
TECHNOLOGY 

What  IT  problems 
should  the  next 
administration  address 
with  its  technology 
research  budget? 

Security 

Spam 

Education 

Wireless 

Emerging  technologies 

SOURCE:  CIO  Best  Practice  Exchange  survey  of 
94  senior-level  IT  executives.  November  2003 


The  Politics 

There  is  a  precedent  for  lawmakers  trying  to 
impose  a  technology  standard.  An  example  is 
the  Consumer  Broadband  and  Digital  Television 
Promotion  Act,  introduced  by  Sen.  Ernest 
Hollings  in  2002,  which  would  have  given  the 


Should  the  government  develop  stan¬ 
dards  for  corporate  cybersecurity?  Vote 

in  the  PRESIDENTIAL  I.T.  ISSUES  POLL 

to  make  your  voice  heard  on  this  and 
other  IT  policy  questions.  Goto 

www.cio.com/issuespoll. CIO.COm 


recording  industry  one  year  to  create  a  digital  copy¬ 
protection  standard.  If  the  industry  had  failed,  the 
proposal  dictated  the  FCC  would  have  to  come  up 
with  a  standard.  Hollings  said  it  was  preferable  for 
the  industry  to  set  its  own  standard. 

The  Hollings  bill  never  passed,  but  it  is  indicative  of 
the  approach  a  hands-on  administration  might  take. 
While  Schwartz  suggests  that  government  frustration 
over  industry's  failure  to  develop  standards  may  force 
it  to  take  action,  a  more  likely  tact  is  indirect  stan¬ 
dard-setting  through  its  purchasing  power.  The 
Department  of  Defense,  for  example,  is  requiringthat 
vendors  be  certified  on  the  Software  Engineering  Institute’s  Capability 
Maturity  Model,  a  move  that  has  prompted  many  U.S.  technology  com¬ 
panies  to  pursue  that  certification. 

In  the  long  term,  the  R&D  projects  that  the  next  administration  pur¬ 
sues  will  eventually  find  their  way  into  the  mainstream.  If  the  next  pres¬ 
ident  has  an  affinity  for  networking  or,  say,  antiterrorism  technology 
and  decides  to  fund  such  projects,  that  would  lead  to  commercialized 
products  in  those  fields. 

There  is  no  doubt  the  next  election  will  have  a  profound  impact  on 
the  way  CIOs  run  their  departments.  Until  IT  policy  emerges  as  its  own 
issue,  CIOs  will  have  to  scrutinize  every  issue  for  its  potential  IT  conse¬ 
quences.  A  shorthand  way  of  doing  that  is  to  note  how 
candidates  talk  about  technology.  "Leadership  saying 
why  technology  is  important  helps  a  lot,"  says  the 
Progressive  Policy  Institute’s  Atkinson.  “Especially 
now  when  a  lot  of  people  have  lost  faith  [in  IT].”  K3E1 


Staff  Writer  Ben  Worthen  can  be  reached  via  e-mail  at 
bworthen@cio.com. 


www.cio.com  •  JANUARY  15,  2004  CIO  59 


ThP  president  of  the  United  States  should 


★  ★  ★  THE  ★  ★  ★ 

CANDIDATES 


Technology  policy  ought  to  be  topic  number  one 


(or  two,  or  at  least  three)  on  the  campaign 
trail,  considering  its  importance  to  the  econ¬ 
omy  and  everyday  life.  Understandably,  can¬ 
didates  are  talking  about  jobs  and  the  mess  in 
Iraq  instead.  So  in  order  to  find  out  what  Pres¬ 
ident  Bush  and  his  Democratic  challengers 
think  about  IT  and  its  impact  on  the  nation, 
we  sent  them  questionnaires  asking  about 
their  positions  on  five  policy  areas  that  will  be 


important  to  CIOs  in  the  next  four  years  and 
beyond.  These  include  critical  infrastructure 
security,  jobs,  privacy,  corporate  governance 
and  information  technology — a  category  that 
encompasses  their  priorities  for  IT  research 
and  development,  as  well  as  their  approach  to 
IT  standards,  innovation  and  e-commerce. 
(Read  about  the  decisions  the  next  president 
will  have  to  make  concerning  these  issues  in 


“The  Next  President’s  IT  Agenda,”  Page  54.) 

Only  Sen.  Joseph  Lieberman  (D-Conn.) 
responded  in  full.  Meanwhile,  CIO  writers 
and  editors  combed  the  candidates’  records 
and  interviewed  sources  who  have  interacted 
with  the  contenders  in  the  political  arena  and 
in  the  boardroom. 

Find  out  where  each  candidate  stands. 
Then  decide  which  of  them  really  gets  IT. 


George  W.  Bush 

PARTY:  Republican 

AGE:  57 

HOMETOWN:  Midland,  Texas 
CURRENT  JOB:  President,  2001-present 
WEBSITE:  www.georgebush.com 
I.T.  EXPERIENCE:  In  both  his  White  House 
and  campaign  policy  papers  Bush  cites 
the  tech  sector  as  a  wellspring  for  eco¬ 
nomic  growth.  Actions  such  as  his  signing 
the  USA  Patriot  Act  demonstrate  Bush's 
willingness  to  seek  new  IT-enabled  capa¬ 
bilities  to  aid  government  agen¬ 
cies  in  the  war  on  terrorism. 

When  it  comes  to  new  rules  that 
affect  business  processes  and  IT 
systems,  he  has  been  less 
aggressive.  Federal  regulations 


★  Backs  strategic  role  for  IT  ★ 
in  government  and  minimal 
regulation  of  corporate  systems 


issued  under  Bush  forthe  Sarbanes-Oxley  Act  and  the  Health  Insur¬ 
ance  Portability  and  Accountability  Act  (HI PAA)  made  it  easier  forCIOs 
to  comply  with  these  laws. 

BACKGROUND:  During  the  2000  election  against  Democrat  Al  Gore, 
Bush  campaigned  as  "a  compassionate  Conservative,”  a  devout  Christ¬ 
ian  who  is  pro  business,  anti  taxes  and  supports  spending  on  educa¬ 
tion.  The  terrorist  attacks  of  Sept.  11, 2001,  reshaped  Bush’s  view  of  his 
presidency  and  led  to  his  declaring  war  on  terrorism.  Bush  is  unop¬ 
posed  forthe  Republican  nomination. 

Policy  Positions 

CRITICAL  INFRASTRUCTURE:  Bush  has  continued  former  President 
Clinton’s  policy  of  asking  for,  ratherthan  requiring,  the  private  sector’s 
cooperation  in  securing  corporate  networks. 

Bush  has  signed  two  acts  that  together  put  the  federal  government's 
infrastructure  on  the  front  burner  and  sent  annual  federal  IT  spending 
past  the  $50  billion  mark.  The  E-Government  Act  of  2002,  sponsored 
by  Bush's  potential  rival  in  November,  Sen.  Joseph  Lieberman 


(D-Conn.),  promotes  better  IT  security  within  federal 
agencies.  In  response  to  9/11,  Bush  signed  a  law  creat¬ 
ing  the  Department  of  Homeland  Security,  a  cabinet- 
level  office  that  merged  22  federal  agencies.  Among 
numerous  IT  projects,  the  agency  is  working  to  create 
one  network  to  share  unclassified  data  and  communica¬ 
tions  about  threats  and  responses  with  50  states  and 
thousands  of  local  emergency  responders. 

JOBS:  Bush  has  credited  tax  cuts  he  initiated  with 
spurri ng  the  creation  of  124,000  new  jobs  last  October. 

He  has  not  moved  to  maintain  the  ceiling  on  foreign 
worker  visas,  which  Congress  allowed  to  dip  in  2003.  The 
administration  will  not  try  to  stop  companies  from 
sending  IT  work  offshore,  said  Chris  Israel,  deputy 
assistant  secretary  of  commerce  for  technology 
policy,  at  a  September  IT  services  symposium. 
PRIVACY:  As  part  of  the  war  on  terrorism,  Bush 
signed  the  USA  Patriot  Act,  which  gives  federal 
investigators  sweeping  powers  to  ask  for  data  (such  as  library  borrow¬ 
ing  lists  and  consumers’  purchases)  that  was  considered  private. 

In  2002,  the  Bush  administration  eased  some  restrictions  on  shar¬ 
ing  patient  records  under  HIPAA  that  were  put  in  place  by  President 
Clinton;  the  revised  rules  don’t  require  a  patient’s  written  consentto 
share  the  records,  simply  a  “good  faith  effort”  to  get  consent. 
CORPORATE  GOVERNANCE:  In  the  wake  of  corporate  accounting  scan¬ 
dals  at  companies  such  as  Enron  and  WorldCom,  Bush  signed  the 
Sarbanes-Oxley  Act,  which  requires  corporate  officers  to  vouch  forthe 
accuracy  of  financial  data.  The  law  prompted  a  flurry  of  activity  to  rec¬ 
oncile  IT  systems  to  this  accountability  mandate,  but  subsequent  regu¬ 
lations  issued  by  the  SEC  made  compliance  easier. 

INFORMATION  TECHNOLOGY:  The  DHS  is  working  with  the  National 
Institute  of  Science  and  Technology  and  through  its  procurement 
process  to  encourage  the  development  of  products  based  on  open 
standards,  especially  for  wireless  communications.  Bush  favors 
making  permanent  an  R&D  tax  credit  set  to  expire  June  30, 2004. 

- Michael  Goldberg 


www.cio.com  •  JANUARY  15,  2004  CIO  61 


CANDIDATES 


Wesley  K.  Clark 

PARTY:  Democratic 

AGE:  60 

HOMETOWN:  Little  Rock,  Ark. 

CURRENT  JOB:  Presidential  candidate 
WEBSITE:  www.clark04.com 
I.T.  EXPERIENCE:  Clark  served  as  a  board 
member  or  adviser  to  several  high-tech  com 
panies  including  Acxiom,  Entrust  and  Wave- 
Crest  Laboratories.  At  Acxiom,  he  was 
a  member  of  the  board’s  audit  com¬ 
mittee.  He  also  scouted  many  high- 
tech  companies  as  managing  director 
of  Little  Rock-based  investment  bank- 


★  Wants  to  invest  in  technology  ★ 
that  detects  security  threats 


Clark  says  the  ability  to  assemble,  integrate  and 
understand  information  “will  be  one  of  the  most 
important  drivers  of  the  global  economy  and  security.” 
Clark’s  plan  for  homeland  security  calls  for  investment 
in  technology  to  help  detect  and  respond  to  chemical 
and  biological  threats. 

JOBS:  In  an  essay  on  his  website  titled  "The  100  Year 
Vision,”  Clark  says  he  understands  the  economic 
forces  that  drive  U.S.  companies  to  countries  where 

_  labor  is  cheap.  To  counter  those  forces,  Clark 

has  proposed  giving  up  to  $5,000  in  tax  credits 
to  businesses  for  each  American  they  hire  full¬ 
time  in  2004  and  2005. 

PRIVACY:  Thanks  to  his  membership  on  the 


ing  company  Stephens.  He’s  an  avid  BlackBerry  user. 

BACKGROUND:  After  successfully  leading  the  Kosovo  war  as  NATO’s 
Supreme  Allied  Commander  for  Europe,  the  four-star  general  was 
maneuvered  out  of  his  job  in  2000  and  forced  to  retire  from  the  military. 
He  then  entered  the  business  world.  Working  with  small  companies  that 
develop  technology  and  security  solutions  for  the  government,  Clark 
provided  them  with  an  entree  into  the  Pentagon  and  insight  into  soldiers’ 
and  commanders’  needs.  He  also  impressed  his  new  colleagues  with  his 
understanding  of  economics  and  world  markets  as  well  as  his  manage¬ 
ment  advice.  One  former  business  colleague  says  Clark  made  more 
accurate  predictions  about  the  wireless  market  than  the  technology  ana¬ 
lysts.  Acxiom  CEO  Charles  Morgan  says  that  in  2002,  when  executives 
discussed  how  to  reduce  personnel  costs,  Clark  was  the  first  to  raise  the 
issue  of  how  layoffs  and  pay  reductions  would  affect  morale. 

Policy  Positions 

CRITICAL  INFRASTRUCTURE:  Clark  understands  that  the  country  needs 
to  use  information  technology  to  identify  security  threats.  In  the  press 
release  announcing  his  appointment  to 
Acxiom’s  board  in  December  2001, 


board  of  data-mining  software  vendor  Acxiom,  Clark  is  well-versed  in 
the  technology  available  to  comb  private  records  in  search  of  sus¬ 
pected  terrorists.  His  involvement  with  the  company  provoked  criti¬ 
cism  from  rival  Sen.  John  Edwards  (D-N.C.),  who  during  an  interview 
on  Fox  News  last  September  said  that  Clark’s  relationship  with  Acxiom 
raises  concerns  about  his  regard  for  individual  privacy  rights.  For  his 
part,  the  general  says  he  wants  to  balance  homeland  security  and  pro¬ 
tecting  privacy. 

Clark  helped  craft  a  report  for  the  Markle  Foundation  titled  "Protect¬ 
ing  America's  Freedom  in  the  Information  Age,"  along  with  a  group  of 
tech-industry  luminaries  that  includes  former  Netscape  CEO  Jim  Barks¬ 
dale,  who  supported  President  Bush  in  2000.  One  of  the  report’s  recom¬ 
mendations  is  that  information  owned  by  private  companies  that  is 
relevant  to  the  fight  against  terrorism  should  be  left  in  the  companies' 
hands  and  not  consolidated  into  government  databases. 

CORPORATE  GOVERNANCE:  Clark  says  he  would  put  more  money  behind 
the  SEC's  enforcement  efforts  and  undertake  reforms  to  restore  investors’ 
confidence  in  the  financial  markets,  though  he  provides  no  details. 

INFORMATION  TECHNOLOGY:  Clark  does  not  have  a  public 
position  on  this  issue.  -Meridith  Levinson 


Howard  Dean 


PARTY:  Democratic 

AGE:  55 

HOMETOWN:  East  Hampton,  N.Y. 
CURRENT  JOB:  Presidential  candidate 
WEBSITE:  www.deanforamerica.com 
I.T.  EXPERIENCE:  As  governor  of  Vermont 
from  1991  to  2002,  Dean  promoted  sci¬ 
ence  and  engineering  education.  Other¬ 
wise,  his  IT  leadership  has  been  less  than 
exemplary,  according  to  the  Government 
Performance  Project  sponsored  by  The 
Pew  Charitable  Trusts  in  partnership 
with  Governing  Magazine.  Vermont 
got  a  C+  for  its  IT  in  2001,  because  its 
CIO  had  only  one  staffer  and  the 


state  was  slow  to  put  transactions  on  the  Web. 
BACKGROUND:  Dean  is  the  poster  boy  for  using  the  Inter¬ 
net  in  this  campaign  season.  His  website  has  been  instru¬ 
mental  in  energizing  supporters  and  raising  money, 
particularly  from  small  donors.  In  the  third  quarter  of 
2003, 60  percent  of  contributions  to  Dean  were  of  less 
than  $200,  and  about  half  of  those  were  made  online, 
according  to  Dick  Rowe,  director  ofthe  Internet  and  infor¬ 
mation  services  for  the  Dean  campaign.  The  site  also 
hosts  an  official  blog,  lets  volunteers  sign  up  to  canvass 
voters  doorto  door  and  helps  supporters  organize 
"meet-ups”— 910  gatherings  in  some  600  cities  on 
Dec.  3  alone— without  consulting  campaign 
managers.  The  latter  is  a  sea  change  from  the 
traditional  presidential  campaign,  in  which  cam¬ 
paign  officials  have  complete  control  over 


★  Favors  smart  ID  cards  ★ 
for  security  and  public  safety 


62  CIO  JANUARY  15,  2004  •  www.cio.com 


events.  (For  more  on  Internet  fund-raising  and  campaigning,  see  "Dean 
Profits  from  Web  Campaign,"  Page  24.)  In  early  December,  Dean  got  the 
endorsement  of  former  Vice  President  (and  Internet  booster)  Al  Gore. 

Policy  Positions 

CRITICAL  INFRASTRUCTURE:  Dean  wants  to  provide  more  communica¬ 
tions  equipment  and  protective  gear  to  emergency  personnel  who 
would  be  the  first  responders  in  case  of  a  terrorist  attack.  He  also  advo¬ 
cates  more  spending  on  border  security,  including  new  technology  to 
better  detect  threats  “before  they  cross  our  borders.”  In  a  speech  at 
Carnegie  Mellon  University  in  2002,  he  said  that  states  should  make 
their  networks  more  secure  immediately;  one  method  he  advocates  is 
the  use  of  smart  cards  with  digital  chips  containing  personal  informa¬ 
tion  to  ensure  the  identity  of  state  employees  when  they  access  a  net¬ 
work.  Dean  also  said  smart  cards  could  replace  citizens’  drivers’ 
licenses  as  the  most  widely  used  form  of  personal  identification  and  be 
used  to  enhance  security  at  borders  and  other  vital  checkpoints. 

JOBS:  Dean  doesn’t  mention  high-tech  jobs  in  speeches,  but  says  he 
would  find  ways  that  U.S.  companies  could  meet  their  need  for  workers 
at  all  skill  levels  without  pitting  foreigners  against  Americans.  As  gover¬ 
nor  of  Vermont,  Dean  requested  that  the  Vermont  Technology  Council 
produce  the  state’s  first  science  and  technology  education  plan,  which  it 
did  in  1994.  In  1995,  as  part  of  the  implementation  of  the  plan,  he 
endorsed  the  creation  of  the  Vermont  Academy  of  Science  and  Engi¬ 
neering,  a  nonprofit  group  that  honors  distinguished  achievement  and 
promotes  science  and  technology  in  the  state. 

PRIVACY:  Dean  says  he'll  balance  national  security  and  protecting  civil 


liberties.  He  says  he’s  concerned  about  provisions  of  the  Patriot  Act  that 
allow  law  enforcement  agencies  to  obtain  personal  information  from 
places  such  as  banks  and  libraries  without  “individualized  suspicion 
and  without  meaningful  judicial  review."  He  has  also  questioned  parts  of 
the  law  that  allow  investigators  to  track  a  person's  Internet  use  without 
probable  cause  and  allow  wiretaps  in  criminal  cases  using  the  less  strict 
guidelines  reserved  for  intelligence  investigations. 

Dean  says  privacy  could  be  enhanced  through  the  use  of  the  smart 
cards  he  advocates  as  ID  cards  for  citizens.  Card  readers  could  confirm 
a  person’s  identity  but  limit  access  to  any  more  information  than  neces¬ 
sary  for  a  particular  transaction.  For  example,  an  emergency  medical 
technician  could  access  a  person’s  medical  history  in  the  event  of  an 
accident,  or  a  clerk  in  a  liquor  store  could  access  a  person's  age— but  all 
other  information  about  the  person  would  be  off  limits. 

CORPORATE  GOVERNANCE:  Dean  decries  inadequate  corporate  gover¬ 
nance,  including  a  lack  of  independent  corporate  boards.  He  would  sup¬ 
port  legislation  and  Securities  and  Exchange  Commission  regulation  to 
mitigate  conflicts  of  interest,  such  as  when  vendors  and  customers 
serve  on  each  other's  boards.  His  agenda  to  establish  greater  corporate 
accountability  includes  requiring  companies  to  issue  annual  corporate 
governance  reports. 

INFORMATION  TECHNOLOGY:  He  believes  state  government  networks 
should  be  able  to  share  information  when  appropriate  and  suggests  at 
least  some  IT  standards  would  be  necessary  to  accompl  ish  this.  For 
example,  one  state’s  smart  card  reader  should  be  able  to  read  smart 
cards  from  other  states. 

-Todd  Datz 


John  R.  Edwards 

PARTY:  Democratic 

AGE:  50 

HOMETOWN:  Seneca,  S.C. 

CURRENT  JOB:  U  .S.  senator 
WEBSITE:  www.johnedwards2004.com 
I.T.  EXPERIENCE:  Telecom  and  high  tech 
are  important— and  growing— sectors  of 
North  Carolina’s  economy,  so  it's  no  sur¬ 
prise  that  Edwards  has  immersed  himself 
in  technology  issues  to  serve  this  con¬ 
stituency.  He’s  a  member  of  the  Senate 
Judiciary  Committee  and  its  Subcom¬ 
mittee  on  Terrorism,  Technology 
and  Homeland  Security.  He’s  also 
on  the  Select  Committee  on  Intelli¬ 
gence,  and  the  Commerce,  Science 
and  Transportation  Committee, 

whose  jurisdiction  includes  the  telecom  and  high-tech  industries. 
BACKGROUND:  Edwards  burst  on  the  political  scene  as  a  celebrity  in 
1998,  spending  more  than  $6  million  of  his  own  money  to  defeat  North 
Carolina  Republican  Sen.  Lauch  Faircloth.  In  his  first  month  in  office, 
Edwards  was  tapped  to  help  oversee  depositions  in  President  Clinton’s 
impeachment  trial  (he  ended  up  taking  Monica’s).  In  2000,  he  made  Al 
Gore’s  short  list  of  potential  VPs  and  was  dubbed  the  year's  “Sexiest 


★  Advocates  curbs  on  data  ★ 
collection  from  websites 


Politician"  by  People  magazine.  On  the  campaign  trail, 
however,  Edwards  touts  his  blue-collar  roots,  defining 
himself  as  the  quintessential  small-town  boy  who  made 
good.  The  son  of  a  textile  mill  worker  and  a  letter  carrier, 
Edwards  was  the  first  in  his  family  to  attend  college.  He 
went  on  to  become  a  successful  trial  lawyer— and  a  self- 
made  millionaire.  As  a  Southerner  in  the  race,  Edwards 
has  to  do  well  in  the  South  Carolina  primary  on  Feb.  3  to 
stay  in  contention. 

Policy  Positions 

CRITICAL  INFRASTRUCTURE:  Edwards  thinks  cybersecu¬ 
rity  should  be  a  "higher  priority”  forthe  federal  govern¬ 
ment.  In  2003,  he  introduced  eight  bills  to  improve 
homeland  security,  including  the  National  Cyber 
Security  Leadership  Act,  which  would  require  all  fed¬ 
eral  agencies  to  adopt  best  practices  for  securing 
their  computers  against  cyberattacks. 

JOBS:  He  voted  to  increase  the  capon  H-1B  visas  in  2000.  In  his  cam¬ 
paign  platform,  he  says  he  would  establish  a  Rural  Economic  Advance¬ 
ment  Challenge  fund,  to  bring  venture  capital  and  management 
expertise  to  entrepreneurs  and  small  businesses  in  small  towns  and 
other  areas  that  are  losing  jobs.  His  logic:  Why  launch  a  startup  in  Palo 
Alto  when  you  can  get  VC  funding— and  affordable  housing— in  Peoria? 
PRIVACY:  Edwards  introduced  anti-spyware  legislation  in  2000  that 


www.cio.com  •  JANUARY  15,  2004  CIO  63 


★★★THE*'** 

CANDIDATES 


would  require  software  companies  and  website  operators  to  get  users' 
consent  before  collecting  information  about  them  or  tracking  their 
computer  usage.  Much  of  his  language  made  it  into  the  Online  Personal 
Privacy  Act  that  passed  the  Senate  Commerce  Committee  in  2002. 
Edwards  voted  for  the  Patriot  Act  but  now  says  he  wants  to  amend  the 
law  to  strike  a  better  balance  between  ferreting  out  terrorists  and  pro¬ 
tecting  individual  privacy.  He  has  introduced  bills  to  protect  bank  and 
medical  records  and  to  prevent  marketers'  abuse  of  wireless  device 
users’  location  information.  He  has  also  called  fora  bipartisan  commis¬ 
sion  to  look  into  survei  llance  technologies  being  used  by  the  FBI  and 
police  post-9/11.  Edwards  supports  biometric  identifiers  for  ID  cards. 
CORPORATE  GOVERNANCE:  Edwards  proposes  a  workers  and  share¬ 


holders  bill  of  rights  that  he  says  would  restore  honest  accounting,  curb 
excessive  CEO  pay,  hold  managers  accountable  for  results,  restore  pen¬ 
sion  parity  and  eliminate  corporate  tax  abuse.  He  thinks  companies 
should  be  required  to  expense  stock  options. 

INFORMATION  TECHNOLOGY:  Edwards  advocates  investment  in  a  national 
broadband  infrastructure  that  would  ensure  rural  communities  have 
affordable  Internet  access  within  four  years.  He  would  offer  assistance  to 
rural  businesses,  schools  and  hospitals  so  that  they  can  reap  the  benefits 
of  the  Internet.  He  advocates  a  tax  credit  for  investments  in  broadband 
technology  and  has  suggested  that  the  Universal  Service  Fund  (which  sub¬ 
sidizes  telcos  for  delivering  service  to  low-income  and  remote  areas)  could 
be  used  to  promote  rural  broadband  deployment.  -Alice  Dragoon 


Richard  A.  Gephardt 

PARTY:  Democratic 

AGE:  62 

HOMETOWN:  St.  Louis,  Mo. 

CURRENT  JOB:  Member,  U.S.  House  of  Rep¬ 
resentatives 

WEBSITE:  www.dickgephardt2004.com 
I.T.  EXPERIENCE:  As  House  minority  leader 
(a  post  he  held  until  2002),  Gephardt  estab¬ 
lished  the  Democratic  Advisory  Group  on 
High-Tech  Issues  in  the  late  1990s  to  cham¬ 
pion  IT  policy. 

BACKGROUND:  A  member  of  Congress 
since  1976,  Gephardt  for  the  past  decade 
has  opposed  major  trade  deals,  including 
Nafta  and  the  establishment  of  normal 
trade  relations  with  China,  on  the 
grounds  that  Americans  should  not  be 
forced  to  compete  for  jobs  against  work¬ 
ers  in  countries  that  exploit  labor  and  fail 
to  protect  the  environment. 

Gephardt,  who  ran  unsuccessfully  for  president  in  1988,  touts  his 
humble  roots  and  his  middle-class  means— his  father  drove  a  milk 
truck,  his  mother  worked  as  a  secretary,  and  his  son,  Matt,  survived  can¬ 
cer  as  a  toddler  because  the  family’s  health  insurance  covered  an  exper¬ 
imental  treatment.  Though  Gephardt  counts  labor  unions  among  his 
closest  political  allies,  key  unions  for  health-care  and  municipal  workers 
are  backing  rival  Howard  Dean.  Gephardt’s  chances  forthe  nomination 
depend  on  a  strong  showing  against  Dean  in  Iowa  on  Jan.  19. 

Policy  Positions 

CRITICAL  INFRASTRUCTURE:  Gephardt  opposed  a  provision  in  the 
Homeland  Security  Act  exempting  information  that  companies  report  to 
the  government  about  their  network  vulnerabilities  from  disclosure 
under  the  Freedom  of  Information  Act.  At  the  time,  supporters  deemed 
it  essential  for  collecting  data  on  security  weaknesses,  while  critics  said 
companies  could  use  the  provision,  which  is  now  law,  to  hide  material 
information  from  investors  and  customers.  Gephardt  has  not  said  pub¬ 
licly  whetherthe  government  should  regulate  corporate  IT  security. 
JOBS:  In  1998  and  2000,  Gephardt  backed  increases  in  the  number  of 


H-1B  visas  for  technology  workers,  along  with  meas¬ 
ures  to  promote  the  training  of  more  Americans  for 
high-tech  jobs.  In  campaign  speeches,  he  evokes  the 
plight  of  American  IT  workers.  "I’ve  been  to  China,  to 
India,  to  Indonesia,  places  where  the  most  sophisti¬ 
cated  high-tech  labor  is  done  for  a  few  dollars  a  day,” 
he  says.  “We  have  to  raise  global  standards  and  wages 
so  that  everyone  does  better." 

Gephardt  says  his  plan  to  negotiate  minimum 
wages  for  every  country  in  the  World  Trade  Organiza¬ 
tion  would  raise  living  standards— so  U.S.  workers, 
including  technology  workers,  would  not  have  to  com¬ 
pete  with  “slave,  sweatshop  and  child  labor.” 

PRIVACY:  He  supports  a  national  ID  card  system, 
according  to  the  Electronic  Frontier  Foundation.  He’s 
voted  to  include  biometric  data  on  passports  and  visas. 
In  2001,  he  said  companies  should  be  allowed  to  police 
themselves  when  it  comes  to  protecting  consumer  pri¬ 
vacy  online.  But  he  also  voted,  in  2000,  to  prohibit 
financial  companies  from  sharing  private  customer 
information  with  third  parties  under  Gramm-Leach-Bliley. 

CORPORATE  GOVERNANCE:  Gephardt  voted  for  the  Sarbanes-Oxley 
Act.  He  told  the  AFL-CIO  that  “it’s  time  we  aggressively  enforced  our 
laws  to  ensure  that  the  actions  of  our  companies  are  properly  disclosed 
and  reported.”  He  says  he  would  appoint  members  to  the  Securities 
and  Exchange  Commission  “who  represent  the  interests  of  the  workers 
and  the  investing  public.”  He  says  granting  stock  options  to  rank-and- 
file  employees  is  an  important  way  to  make  workers  feel  like  owners, 
and  he  opposes  requiring  companies  to  count  employee  stock  options 
as  expenses. 

INFORMATION  TECHNOLOGY:  As  House  minority  leader  in  2002,  he 
called  for  doubling  the  nation’s  investment  in  IT  without  saying  how  this 
would  be  done.  He  backs  more  funding  for  research  into  security  tech¬ 
nologies  and  supports  a  permanent  tax  credit  for  research  and  develop¬ 
ment  generally.  In  2000,  he  said  the  Justice  Department  was  "justified" 
to  bring  its  antitrust  case  against  Microsoft  but  has  offered  no  subse¬ 
quent  opinion  on  the  case.  He  wants  to  provide  high-speed  Internet 
access  to  every  American  by  the  end  of  the  decade  to  stimulate  eco¬ 
nomic  growth,  and  he  would  give  tax  credits  to  companies  that  invest  in 
broadband  facilities  or  services.  -Elana  Varon 


★  Wants  to  raise  wages  ★ 
for  offshore  workers 


64  CIO  JANUARY  15,  2004  •  www.cio.com 


EMC  INFORMATION  LIFECYCLE  MANAGEMENT  STRATEGIES: 


OVERVIEW 


Advertising  Supplement 


INFORMATION 
LIFECYCLE 
MANAGEMENT  IS: 

a  strategy  that  uses 
people,  processes  and 
technology  to  store  and 
tap  critical  business 
data  throughout  its 
lifespan  of  value. 


IN  THIS  EDITION: 

Pressured  to  better 
manage  information 
assets,  companies  today 
need  an  overarching 
plan  to  prioritize  busi¬ 
ness  information  based 
on  its  value  to  the 
enterprise.  Many  are 
turning  to  a  new  con¬ 
cept  called  Information 
Lifecycle  Management 
as  an  innovative,  end- 
to-end  solution. 


Making  the  Case  for 
Information  Lifecycle  Management 


MAKE  NO  MISTAKE:  using  information 
wisely  can  make  or  break  your  company. 

Once  a  supporting  player  in  the 
creation  of  goods  and  services,  infor¬ 
mation  today  is  the  star  of  the  show, 
acting  as  the  linchpin  to  success  for 
enterprises  worldwide.  And  as  the 
latest  business  applications  provide 
new  methods  of  organizing  and 
managing  information,  innovative 
companies  worldwide  have  placed 
the  strategic  use  of  information  at 
the  heart  of  their  business  models. 
These  companies  realize  that  if  man¬ 
aged  wisely,  corporate  information 
can  yield  rich  nuggets  of  insight  to 
help  them  create  additional  revenue 
streams  and  enhance  existing  lines  of 
business. 


“The  ability  to  use  and  leverage 
information  as  a  company  to  drive 
additional  business  is  critical,”  says 
Mark  Lewis,  chief  technology  officer 
at  EMC,  based  in  Hopkinton,  Mass. 
“For  many  companies,  smart  use  of 
information  has  truly  become  a  dif¬ 
ferentiator,  particularly  as  technolo¬ 
gy  provides  companywide  access.” 

But  knowing  that  information  is  a 
vital  strategic  tool  and  being  able  to 
fully  wield  that  tool  are  two  different 
things.  Business  leaders  may  realize 
that  they  are  sitting  on  a  gold  mine 
of  knowledge,  but  they  remain  frus¬ 
trated  by  their  inability  to  harness 
the  power  of  information.  For  many, 
the  solution  is  taking  the  form  of 
Information  Lifecycle  Management. 


EMC  INFORMATION  LIFECYCLE  MANAGEMENT  STRATEGIES: 


Advertising  Supplement 


OVERVIEW 


Managing 
information  wisely 
means  finding  a 
way  to  link  and 
analyze  the 
data  that  lies  in 
disparate 

applications  across 
the  enterprise. 

“Information 
is  much  more 
interrelated, 
and  people 
are  more 
interested 
in  that 

interrelation.” 

—Ron  Williams, 
senior  manager  at 
Earthlink 


CHALLENGES  TO  INFORMATION 
MANAGEMENT 

There  are  a  number  of  obstacles  in  the 
path  of  executives  who  seek  to  create  and 
exploit  an  integrated  flow  of  information 
throughout  their  companies.  Among  the 
challenges: 

Explosive  Information  Growth.  The  vast 
majority  of  business  information  is  online 
now,  fueling  explosive  growth  in  the  infra¬ 
structure  that  supports  it.  “I’m  constantly 
hearing  about  how  much  information  is 
growing  as  IT  is  integrated  into  the  business 
process,”  says  Mike  Fisch,  director  of  stor¬ 
age  and  networks  at  The  Clipper  Group,  a 
consultancy  based  in  Wellesley,  Mass.  Data 
reside  in  a  variety  of  formats — the  unstruc¬ 
tured  data  found  in  emails  and  Word  files, 
the  structured  information  of  databases  and 
transactional  applications — but  tying 
together  these  disparate  sources  of  informa- 


SEVEN  DEADLY  SPEEDBUMPS 

Here  are  the  top  7  challenges  to  effective 
information  management: 

•  Explosive  Information  Growth 

•  Cost  Constraints 

•  Information’s  Strategic  Value 

•  Perceived  Strategic  Value 

•  Regulatory  Issues 

•  Fluid  Nature  of  Information 

•  Perceived  Business  Value 


GROWTH  STORAGE  CAPACITY 
FOR  COMPLIANT  RECORDS 


The  capacity  of  compliant  records  will  increase 
from  376PB  in  2003  to  1 ,644PB  in  2006, 
representing  a  CAGR  of  64% 


f  1600 

|  1400 

IS  1200 

8§  1000 

£  CO 

800 

=  .£  600 
of  400 

o  o 

■o  O)  200 

I  0 

o 


64%  CAGR 


2003 


2004  2005  2006 

Total  Aggregate  capacity  of  Compliant  records 


SOURCE:  ENTERPRISE  STORAGE  GROUP, 
COMPLIANCE  STUDY,  MAY  2003 


The  need  to  meet  compliance  requirements  will 
continue  to  grow,  requiring  methodologies  and 
technologies  to  understand  the  value  of  infor¬ 
mation  and  how  to  manage  it  accordingly. 


tion  is  a  complex  challenge.  “Information  is 
much  more  interrelated,  and  people  are 
more  interested  in  that  interrelation,”  says 
Ron  Williams,  a  senior  manager  at 
Earthlink,  a  $1.3  billion  Internet  services 
provider  based  in  Atlanta. 

What’s  more,  the  growth  of  electronic 
data  has  spawned  a  whole  new  category 
of  metadata:  information  about  the  data 
itself,  such  as  who  created  it,  who 
accessed  it,  where  it’s  been  and  who’s 
changed  it.  “It’s  an  exponential  feedback 
loop,”  says  Williams. 

Cost  Constraints.  Face  it:  companies 
have  the  difficult  task  of  growing  their 
informational  infrastructure  in  a  frugal  cli- 


WORLDWIDE  PRODUCTION  OF  ORIGINAL  INFORMATION 

(If  stored  digitally,  in  terabytes  circa  2002) 


Storage  Medium 

2002 

Terabytes 

Upper 

Estimate 

2002 

Terabytes 

Lower 

Estimate 

1999-2000 

Upper 

Estimate 

1999-2000 

Lower 

Estimate 

%  Change 
Upper 
Estimates 

Paper 

1,634 

327 

1,200 

240 

36% 

Film 

420,254 

76,69 

431 ,690 

58,209 

-3% 

Magnetic 

4,999,230 

3,416,230 

2,779,760 

2,073,760 

80% 

Optical 

103 

51 

81 

29 

28% 

TOTAL: 

5,421,221 

3,416,281 

3,212,731 

2,132,238 

69% 

Upper  estimates  assume  information  is  digitally  scanned,  lower  estimates  assume  digital  content  has  been  compressed. 

SOURCE:  “HOW  MUCH  INFORMATION?  2003,”  SCHOOL  OF  INFORMATION  MANAGEMENT  AND  SYSTEMS,  UNIVERSITY  OF  CALIFORNIA  AT  BERKELEY 


2 


Advertising  Supplement 


mate.  Budgets  are  flat  or  rising  just  slightly, 
and  CIOs  are  under  severe  pressure  to  drive 
every  possible  penny  from  their  spending 
plans.  “The  ability  to  manage  data  costs  is 
super  critical,”  Williams  says.  Merely  plan¬ 
ning  for  growth  can  take  up  a  hefty  chunk 
of  technical  resources. 

Information’s  Strategic  Value.  Cost  and 
planning  issues  will  not  stem  the  relentless 
demand  for  better  access  to  information. 
Businesses  have  grasped  the  undeniable 
strategic  value  of  information  and  want 
that  knowledge  available  in  a  seamless 
fashion.  Bottom  line:  the  access,  availabili¬ 
ty  and  protection  of  mission-critical  infor¬ 
mation  are  of  vital  importance. 

Regulatory  Issues.  New  government  reg¬ 
ulations  such  as  Sarbanes-Oxley  and  the 
Health  Information  Portability  and 
Accountability  Act  are  throwing  new  wrin¬ 
kles  into  the  management  of  data,  as  com¬ 
panies  face  the  risk  of  fines  and  legal  action 
for  noncompliance.  “Regulations  such 
as  Sarbanes-Oxley  are  driving  the  need  to 
be  able  to  prove  where  data  went  [and] 
who  accessed  it,  and  then  be  able  to  bring 
it  back  to  the  state  where  it  was  last 
accessed,”  Williams  explains. 

As  data  become  more  interrelated, 
application-specific  solutions  to  regulato¬ 
ry  compliance  won’t  get  the  job  done, 
says  Mike  Kahn,  managing  director  of 
The  Clipper  Group.  “The  problem  is 
multi-application,  as  records  can  be  in 
specific  applications  as  well  as  in  places 
like  email.” 

The  Fluid  Nature  Of  Information. 

Information  holds  different  business  values 
over  the  course  of  its  life  and  must  be  man¬ 
aged  accordingly.  This  means  that  compa¬ 
nies  need  to  create  processes  that  allow 
information  to  move  about  freely,  as  need¬ 
ed.  “Information  doesn’t  just  move  down  in 
value,”  explains  Steve  Kenniston,  a  technol¬ 
ogy  analyst  with  Enterprise  Storage  Group, 
in  Milford,  Mass.  “Policies  should  dictate 
that  data  move  up  and  down  the  storage 
food  chain  as  business  needs  dictate.” 

At  Earthlink,  for  example,  Williams  is 
building  a  tiered  storage  platform  based  on 


TOP  PROBLEMS  INFORMATION 
LIFECYCLE  MANAGEMENT  CAN 
HELP* 


Recovery 


Archive 


mmm 


Ai/ailahilitv 

Reg  Compliance 


5% 


10%  15%  20%  25% 


*According  to  53  U.S.  CIOs  and 
Senior.  IT  Executives 

SOURCE:  EMC  RESEARCH  GROUP  FOCUS 
GROUPS  JULY-AUGUST,  '03 


Information  Lifecycle  Management  addresses 
many  of  the  key  challenges  Senior  IT  executives 
believe  they  will  face  in  2004. 


“CIOs  need  to 
set  up 

management 
policies  that 
align  with  the 
value  of 
information. 

Cradle  to 
grave,  it’s  a 
complex 
thing.” 


EMC  technologies.  “What  EMC  has  been 
doing  for  a  while  is  building  the  ability  to 
move  data  that  we  need  to  access  faster  to 
storage  that  can  deliver  it  faster  and  help 
migrate  information,”  he  says. 

The  Business  Value  Of  Information. 
Understanding  the  value  of  information  is 
at  the  heart  of  managing  information,  and 
that  requires  some  forethought  on  the  part 
of  both  the  CIO  and  his  line  of  business 


— Steve  Kenniston, 
technology  analyst, 
Enterprise  Storage  Group 


5  ELEMENTS  OF  AN  INFORMATION  LIFECYCLE 
MANAGEMENT  STRATEGY 

According  to  industry  experts,  a  successful  Information  Lifecycle 

Management  strategy  must  be: 

•  Business-centric:  This  means  that  IT  and  business  need  to  work 
together  to  align  with  key  processess,  applications  and  business  ini¬ 
tiatives. 

•  Policy-based:  New  government  regulations  like  Sarbanes- 
Oxley  and  HIPAA  mandate  how  long  data  must  be  retained,  when 
it  may  be  deleted  and  who  has  access  to  it — all  perfect  candidates 
for  policy-driven  automation.  CIOs  should  tie  information  polices 
to  automated  tools  that  ensure  policy  enforcement. 

•  Centrally  managed:  To  provide  an  integrated  view  of  all  of  the 
business’s  information  assets,  both  structured  and  unstructured, 
Information  Lifecycle  Management  must  be  centrally  managed. 

•  Heterogeneous:  To  operate  throughout  the  entire  enterprise, 
Information  Lifecycle  Management  strategies  must  encompass  all 
types  of  platforms  and  operating  systems. 

•  Aligned  with  the  value  of  data:  A  key  aspect  of  Information 
Lifecycle  Management  is  the  ability  to  match  storage  resources  to 
the  value  of  business  data  at  any  given  point  in  time.  Once  classi¬ 
fied,  Information  Lifecycle  Management  matches  infrastructure  to 
the  value  of  the  data. 

- 1 - 


3 


EMC  INFORMATION  LIFECYCLE  MANAGEMENT  STRATEGIES: 


Advertising  Supplement 


OVERVIEW 


IMPLEMENTING  INFORMATION  LIFECYCLE 
MANAGEMENT 

To  understand  how  Information  Lifecycle  Management  can  work  in 
real  life,  consider  how  information  moves  through  the  supply  chain: 

•  Company  XYZ  receives  an  order  for  a  new  widget.  Immediately 
automated  tools  tag  the  data  according  to  preset,  business-driven 
data  policies,  enabling  the  company  to  track  and  manage  the  infor¬ 
mation  throughout  its  lifecycle. 

•  The  data  value  at  creation  is  high,  as  it  remains  during  order 
processing,  where  many  people  access  and  use  it  to  fill  and  ship 
product  orders. 

•  After  the  order  is  shipped,  the  informational  value  drops, 
prompting  Information  Lifecycle  Management  tools  to  automat¬ 
ically  migrate  the  data  from  a  high-performance  tier  of  storage 
to  a  lower  cost  level  that  takes  longer  to  access. 

•  However,  if  the  customer  calls  in  with  a  claim  about  a  year  into 
the  two-year  warranty,  for  example,  the  Information  Lifecycle 
Management  tools,  once  again  managed  by  value-driven  policies, 
pull  the  product  data  back  to  a  high  level  of  storage  so  that  cus¬ 
tomer  service  representatives  and  technical  personnel  can  readily 
draw  on  it. 

•  When  the  warranty  runs  out,  Information  Lifecycle  Management 
tools  recognize  the  policies  pertaining  to  the  tagged  data  and  auto¬ 
matically  delete  the  information,  thus  closing  out  the  lifecycle. 


QUESTIONS  ABOUT 
INFORMATION 
LIFECYCLE 
MANAGEMENT? 

If  you’ve  got  any  burning 
questions  about 
Information  Lifecycle 
Management — and  how 
you  can  begin 
implementing  such  a 
strategy — send  them  to 
ilm_questions@emc.com. 

We’ll  answer  the  most 
frequently  asked 
questions  later  in 
this  series. 


peers.  If  companies  want  to  manage  infor¬ 
mation — and  get  it  to  where  it  needs  to  be 
in  an  automated  format — they  must  first 
analyze  and  prioritize  the  business  value 
that  underlies  the  data. 

“CIOs  need  to  set  up  management  poli¬ 
cies  that  align  with  the  value  of  informa¬ 
tion,”  agrees  Kenniston.  “Cradle  to  grave, 
it’s  a  complex  thing.” 

BUILDING  AN  INFORMATION 
LIFECYCLE  MANAGEMENT 
STRATEGY 

Information  Lifecycle  Management  is  not 
a  product  but  rather  an  innovative 
method  of  harnessing  informational 
chaos.  “Information  Lifecycle  Manage¬ 
ment  is  a  strategy,  and  one  that  encom¬ 
passes  people,  processes  and  technology,” 
says  Kenniston.  Done  right,  Information 
Lifecycle  Management  is  proactive  and 
dynamic,  and  helps  companies  plan  IT 
growth  to  match  their  anticipated  needs. 

“Information  Lifecycle  Management 
is  the  ability  to  provide  companies  with 


universal  access  to  information — the 
right  information — and  the  most  up-to- 
date  and  logical  version  across  the  enter¬ 
prise,”  says  Tanuja  Randery,  vice  president 
for  global  strategic  initiatives  at  EMC.  “If 
companies  want  to  access  and  use  infor¬ 
mation  to  their  business  advantage,  the 
only  way  they  can  do  that  is  to  have  a 
universal,  unified  approach  to  both 
viewing  and  access.” 

At  this  early  stage,  industry  experts  are 
painting  the  picture  of  what  Information 
Lifecycle  Management  looks  like. 
“Information  Lifecycle  Management  is  a 
vision,  but  it’s  also  a  practical  reality  for 
the  future,”  says  The  Clipper  Group’s 
Fisch.  [See  “5  Elements  of  an  Information 
Lifecycle  Management  Strategy,”  p.  3.] 

Yet  Information  Lifecycle  Manage¬ 
ment  is  not  something  that  can  be  imple¬ 
mented  off  the  shelf,  nor  is  it  one-size-fits- 
all.  CIOs  must  closely  examine  their  orga¬ 
nizational  needs  and  craft  a  strategy  that 
best  fits  their  company.  A  big  task,  per¬ 
haps,  but  Information  Lifecycle  Manage¬ 
ment  can — and  should — be  implemented 
in  stages  that  greatly  simplify  the  task. 
For  example,  customers  can  start  by  first 
migrating  to  an  automated  networked 
storage  environment  with  tiers  of  storage 
to  deliver  varying  price  points  and  capa¬ 
bilities,  then  implementing  data  classifica¬ 
tion  and  management  policies  for  key 
applications  such  as  enterprise  resource 
planning.  In  the  end,  by  evolving  to  an 
enterprise-wide  platform,  corporations 
can  manage  corporate  information  across 
the  entire  enterprise. 

NEXT:  In  the  next  part  of  this  series, 
we’ll  explore  information  protection 
and  recovery. 


g ]yj£2  F0R  M0RE  INFORMATION 

where  information  lives  Visit  WWW.emC.COm/ilm 

for  an  in-depth  look  at  Information  Lifecycle 
Management  products,  services  and  strategies. 


4 


Research  shows  keeping  morale  up  is  the  greatest  IT  staffing 
challenge.  It’s  up  to  CIOs  to  recognize  overstressed  situations, 
boost  morale,  motivate  workers  without  using  money  to  do 
so,  and  keep  staff  informed  and  calm  during  tenuous  times. 
Turn  to  the  CIO  FOCUS™  on  WORKFORCE  MANAGEMENT: 
LEAPING  I  T,  STAFF  IN  TIMES  OF  HIGH  STRESS  AND  LOW 
MORALE— actionable  Information  created,  filtered  and  pack¬ 
aged  by  the  award-winning  editors  of  CIO  magazine. 


CIO  FOCUS™  is  delivered  right  to  your  desktop  giving  you 
immediate  access  to  the  information  you  need.  And  for  your 
future  reference  needs,  the  electronic  file  is  followed  by  a 
packaged  version,  shipped  within  72  hours.  Available  now  at 
an  introductory  price. 


|  i 


CIO  FOCUS™ 

STRATEGIC  GUIDES  FOR  EXECUTIVE  DECISION  MAKING 


CIO  FOCUS™ 


The  Elite  CIO:  Going  Beyond 
the  Basics 

Knowledge  Management:  Harnessing 
the  Power  of  Intellectual  Assets 

Strategic  Maneuvers:  How  to  Plan, 
Align  and  Govern  IT  Strategy 

Customer  Relationship  Management: 
Maximizing  Rewards,  Minimizing  Risk 


The  Resource 
for  Information 
Executives 


*  EXECUTIVE  DECISION-SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO'S  KNOWLEDGE  MARKETPLACE. 

i  www.THeCIOStore.com 


★★★!>!£★★★ 

CANDIDATES 


John  F.  Kerry 

PARTY:  Democratic 

AGE:  60 

HOMETOWN:  Boston 
CURRENT  JOB:  U.S.  senator 
WEBSITE:  www.johnkerry.com 
I.T.  EXPERIENCE:  An  early  watchdog  on  con¬ 
sumer  Internet  privacy,  Kerry  sponsored  a  bill 
in  2000  with  Sen.  John  McCain  that  would 
require  website  operators  to  notify  visitors 
about  the  collection  of  personal  informa¬ 
tion  and  to  provide  the  opportunity  to  limit 
its  use. “It  is  up  to  Congress  to  establish  a 
floorfor  Internet  privacy,”  Kerry  said  at  the 
bill’s  introduction.  Though  the  bill  didn’t 


★  Proposes  better  education  ★ 
to  keep  knowledge  jobs  in  U.S. 


years  of  community  service. 

PRIVACY:  One  of  Congress’s  most  outspoken  pro¬ 
ponents  of  consumer  privacy,  Kerry  takes  a  practi¬ 
cal  approach,  says  CDT's  Schwartz.  "He  has  been 
a  bridge  between  consumer  interests  and  the  cor¬ 
porate  interests  in  terms  of  trying  to  come  up  with 
practical  solutions  [that  serve  both]." 

CORPORATE  GOVERNANCE:  Kerry,  like  every 
other  U.S.  senator,  voted  for  Sarbanes-Oxley.  He 
supports  the  expensing  of  stock  options  and  has 
sponsored  a  bill  that  would  end  the  use  of  off¬ 
shore  tax  havens. 

INFORMATION  TECHNOLOGY:  Kerry  has  long 
pushed  for  permanent  research  and  develop¬ 
ment  tax  credits  for  computer  and  Internet 


pass,  it  served  as  the  basis  for  new  legislation  that  is  now  pending. 

His  constituency  includes  the  prototype  for  Silicon  Valley,  Route  128, 
a  highway  ring  around  Boston  where  many  early  technology  companies 
got  their  start  in  the  1960s.  His  involvement  with  constituents  has  made 
him  more  technology  aware  than  most  of  his  competitors  for  the  presi¬ 
dency,  says  Ari  Schwartz,  associate  director  of  the  pro-consumer  Center 
for  Democracy  &  Technology  (CDT).  Kerry  is  also  a  member  of  the  Sen¬ 
ate  Committee  on  Commerce,  Science  &  Transportation. 

BACKGROUND:  With  his  jutting  jaw  and  big  helmet  of  hair,  Kerry  looks 
every  bit  the  decorated  Vietnam  War  hero  he  is.  As  a  college  student,  he 
wrestled  bulls  in  the  streets  of  Pamplona  ratherthan  merely  running 
with  them,  and  today  he  still  acts  macho,  flying  barrel  rolls  in  his  plane 
and  windsurfing  in  squalls,  accordingto  The  Washington  Post.  Critics 
argue  that  he  hypes  his  war  hero  image  to  counter  his  liberal  stands  on 
economic  and  social  issues.  The  early  leader  in  the  primary  race,  Kerry 
has  faded  as  Howard  Dean  has  taken  clearer  stands  on  the  war  in  Iraq 
and  social  and  economic  issues,  galvanizing  liberals  behind  him. 

Policy  Positions 

CRITICAL  INFRASTRUCTURE:  Kerry  voted  for  the  Homeland  Security 
Act,  which  includes  a  provision  that  exempts  information  that  private 
companies  volunteer  about  their  information  security  vulnerabilities 
from  disclosure  under  the  Freedom  of  Information  Act.  He  later 
cosponsored  a  doomed  bill  that  would  have  softened  that  stance  some¬ 
what  by  limiting  the  exemption  to  internal,  confidential  information. 
Kerry  is  one  of  Congress’s  experts  in  terrorist  money  laundering  and 
helped  craft  legislation  that  became  part  of  the  Patriot  Act.  But  he  is 
skeptical  of  other  portions  of  the  act  and  cosponsored  a  bill  in  2003 
that  would  limit  the  use  of  surveillance  and  the  issuance  of  search 
warrants. 

JOBS:  Responding  to  the  backlash  against  foreign  outsourcing,  Kerry 
introduced  a  bill  in  2003  that  would  require  call  center  service  agents  to 
identify  the  country  where  they  are  located  at  the  beginning  of  each  call. 
"Americans  should  have  full  information  about  the  outsourcing  of  call 
center  jobs  when  they  decide  who  they  will  purchase  their  products  and 
services  from,"  he  says.  Kerry’s  platform  calls  for  an  emphasis  on  edu¬ 
cation  to  keep  knowledge  jobs  in  the  United  States— including  a  $4,000 
annual  tuition  tax  credit  to  encourage  kids  to  go  to  college,  and  a  pro¬ 
gram  that  allows  students  to  earn  college  tuition  in  exchange  for  two 


companies.  His  work  on  a  bill  that  equates  electronic  signatures  with 
handwritten  ones  would  speed  up  electronic  funds  transfer.  And  he 
cosponsored  a  bill  enacted  in  2003  to  establish  a  national  nanotechnol¬ 
ogy  research  program.  -Christopher  Koch 


★The  Single-Digit  Club  ★ 

These  Democrats,  trailing  badly  in  most 
polls,  put  copyright,  competitiveness 
and  on  I  i  ne  voti  ng  at  top  of  tech  agenda 


★  Dennis  J.  Kucinich  ★ 

PARTY:  Democratic 

AGE:  57 
HOMETOWN: 

Cleveland 
CURRENT  JOB: 

U.S.  representative 
WEBSITE:  www.kucinich.us 

Kucinich  has  attracted  a  tech-savvy 
following,  for  better  or  worse:  One 
supporter  recently  hacked  CBS- 
news.com,  shifting  the  CBS  home- 
page  to  a  page  playing  a  30-minute 
video  of  Kucinich  talking  about 
issues  such  as  universal  health  care 
and  withdrawing  the  United  States 
from  Nafta  and  the  World  Trade 
Organization.  He's  been  a  magnet 
for  political  drama  before.  In  1977,  at 
the  age  of  31,  Kucinich  was  elected 
mayor  of  Cleveland— the  youngest 
person  ever  elected  to  lead  a  major 
American  city.  As  mayor,  his  refusal 
to  sell  off  the  municipal  power  com¬ 
pany  sent  the  city  into  default. 


As  a  presidential  candidate, 
Kucinich  supports  free  access  to 
online  content.  He’s  licensed  his 
own  blog  under  a  Creative  Com¬ 
mons  license  and  allows  anyone  to 
share  his  content  with  attribution  for 
noncommercial  purposes.  He  also 
participates  in  other  online  forums. 
Last  August  he  opined  about  copy¬ 
right  policy  and  media  consolida¬ 
tion  on  cyberlaw  guru  Larry  Lessig’s 
blog.  Kucinich  is  against  importing 
workers  to  fill  high-tech  jobs,  having 
voted  against  increasing  the  cap  on 
H-1B  visas  in  1998. 


★  Carol  Moseley  Braun  ★ 

PARTY: 

Democratic 
AGE:  56 
HOMETOWN: 

Chicago 
CURRENT  JOB: 

Self-employed  business  consultant 
WEBSITE:  www.moseleybraun.org 


66  CIO  JANUARY  15,  2004  •  www.cio.com 


. 


: 


Joseph  I.  Lieberman 

PARTY:  Democratic 

AGE:  61 

HOMETOWN:  Stamford,  Conn. 

CURRENT  JOB:  U  S.  senator 
WEBSITE:  www.joe2004.com 
I.T.  EXPERIENCE:  Lieberman  is  the  former 
chairman  and  current  top  Democrat  on  the 
Senate  Governmental  Affairs  Committee,  which 
oversees  how  federal  agencies  use  IT.  He 
authored  the  E-Government  Act,  which  aims  to 
improve  citizens’  access  to  government  services 
and  information.  Lieberman  has  been  lauded  by 
the  high-tech  interest  groups  Tech  Net  and  the 
Information  Technology  Industry  Council  for  his 
support  of  the  technology  industry. 

BACKGROUND:  Lieberman  is  well  known  as  the 

man  who  almost  became  vice  president  in  2000.  First  elected  to  the 

Senate  in  1988,  he  positions  himself  as  a  centrist,  although  he  espoused 


★  Authored  major  ★ 
e-government  law 


In  1992,  Moseley  Braun  was  the 

first  African-American  woman 
elected  to  the  U.S.  Senate,  where 
she  served  one  term.  During  that 
time,  she  voted  against  increas¬ 
ing  the  cap  on  H-1B  visas.  To 
strengthen  the  country’s  eco¬ 
nomic  competitiveness,  Moseley 
Braun  supports  the  transfer  of 
federal  laboratory  research 
results  and  technologies  into  the 
mainstream  of  the  U.S.  economy. 
Moseley  Braun  advocates  the 
government  and  the  private  sec¬ 
tor  working  together  to  develop 
environmentally  sound  technolo¬ 
gies  that  would  lessen  U.S. 
dependence  on  foreign  oil. 

★Alfred  “Al”^ 

C.  SharptonJr. 

RHnp  PARTY: 

Democratic 
**  jf  AGE:  49 
Wgjjjjmr  HOMETOWN: 

Brooklyn,  N.Y. 

»  JBF  Mk  CURRENT  JOBS: 

Pentecostal  minister,  activist,  foun¬ 
der  of  the  National  Action  Network 
WEBSITE:  www.al2004.org 


Sharpton,  an  outspoken  and 
often  flamboyant  civil  rights 
activist,  got  into  a  dustup  last 
fall  with  rival  and  Democratic 
front-runner  Howard  Dean. 
Sharpton  accused  Dean  of  not 
reaching  out  to  minority  voters. 
Sharpton,  who  opposes  online 
voting  on  the  grounds  that  it 
would  give  an  advantage  to 
voters  who  can  afford  Internet 
access  at  home,  challenged  Dean 
in  September  to  reject  a  Michi¬ 
gan  plan  to  allow  Internet  voting 
in  that  state’s  presidential  cau¬ 
cus  next  month  (Dean  says  he 
supports  Internet  voting  if  access 
to  all  voters  is  ensured).  In  Octo¬ 
ber,  around  the  same  time  as 
Jesse  Jackson  Jr.  announced  that 
he  planned  to  support  Dean, 
Sharpton  was  back  on  Dean’s 
case,  saying  he  promoted  some 
“antiblack”  policies. 

As  an  activist,  one  of  Sharp- 
ton's  goals  has  been  to  bridge 
the  digital  divide.  He  is  a  sup¬ 
porter  of  an  organization  called 
Ecofaith,  an  Internet  service 
provider  allied  with  the  Congress 
of  Black  National  Churches. 

-Julie  Hanson 


more  liberal  views  on  some  issues  as  former  Vice 
President  Al  Gore’s  running  mate.  He  is  a  cofounder 
of  the  Senate  New  Democrat  Coalition,  which  seeks 
to  advance  a  slate  of  e-commerce-friendly  policies. 
The  first  Democrat  to  publicly  scold  President  Clin¬ 
ton  forthe  Lewinsky  affair,  and  a  critic  of  the  enter¬ 
tainment  industry’s  promotion  of  violence, 
Lieberman  has  also  been  called  "the  conscience  of 
the  Senate.” 

Policy  Positions 

CRITICAL  INFRASTRUCTURE:  After  9/11,  Lieber¬ 
man  pushed  for  the  Department  of  Homeland 
Security  to  have  a  strong  Directorate  of  Science 
and  Technology,  modeled  after  the  Defense 
Advanced  Research  Projects  Agency,  and  champi¬ 
oned  a  $500  million  “Acceleration  Fund”  to  rapidly 
commercialize  promisingtechnologies  for  homeland  security.  His 
E-Government  Act,  which  President  Bush  signed  into  law  in  December 
2002,  includes  a  mandate  for  security  standards  and  annual  independ¬ 
ent  security  audits  for  federal  agencies’  IT  systems.  He  thinks  govern¬ 
ment  should  partner  with  industry  to  develop  voluntary  standards  for 
cybersecurity  in  the  private  sector,  but  would  consider  requiring  soft¬ 
ware  that  runs  critical  infrastructure  to  meet  security  and  reliability 
standards. 

JOBS:  He  coauthored  the  Tech  Talent  law  to  encourage  universities  to 
beef  up  science  and  engineering  programs  to  increase  the  high-tech 
labor  pool.  He  supported  an  increase  in  the  number  of  H-1B  visas  in 
1998  and  2000  but  wants  to  curb  visa  abuses.  He  advocates  a  tax  credit 
for  companies  that  create  new  jobs. 

PRIVACY:  The  privacy  provisions  of  Lieberman’s  E-Government  Act  are 
considered  by  some  experts  to  be  the  most  important  governmental 
privacy  rules  in  30  years.  The  law  requires  agencies  to  assess  the 
impact  on  privacy  for  any  new  or  significantly  revamped  IT  systems 
used  to  collect  personal  information.  Lieberman  voted  forthe  Patriot 
Act  and  envisions  increasing  technology  use  to  stop  crime  and  terror¬ 
ism.  But  he  thinks  the  government  should  not  invade  the  privacy  of 
innocent  Americans. 

CORPORATE  GOVERNANCE:  Lieberman  supports  the  Sarbanes-Oxley 
corporate  accountability  legislation,  and  calls  for  "aggressive  and  con¬ 
sistent  enforcement”  of  the  law.  A  believer  in  the  importance  of  stock 
options  to  entrepreneurial  ventures,  he  led  the  crusade  in  1993  against 
a  proposed  accounting  rule  change  that  would  have  required  compa¬ 
nies  to  expense  stock  options.  Now  he  has  proposed  legislation  he  says 
would  discourage  abuse  of  options.  His  bill  would  deny  options-related 
tax  deductions  to  companies  that  don’t  distribute  at  least  half  of  their 
options  to  employees  earning  less  than  $90,000  a  year. 

INFORMATION  TECHNOLOGY:  Lieberman  supports  making  the  R&D  tax 
credit  permanent.  He  would  offertax  incentives  to  expand  deployment 
of  broadband.  His  goal  is  to  provide  every  home  and  small  business 
with  a  high-speed  Internet  connection  in  the  next  decade. 

Among  his  research  priorities,  Lieberman  would  increase  support 
for  research  into  advanced  wireless  broadband  technologies  and 
nanotechnology.  -Alice  Dragoon 


www.cio.com  •  JANUARY  15,  2004  CIO  67 


Offshore  Outsourcing 


Raytheon  Aircraft  is  no  different  than  most  companies  today. 


The  $2.1  billion  subsidiary  of  the  national 
defense  contractor  is  exploiting  outsourcing, 
both  onshore  and  off,  to  cut  costs,  access 
skilled  workers  and  operate  more  efficiently. 

But  unlike  some  companies,  one  false 
move  on  an  outsourcing  deal  could  cost  the 
airplane  manufacturer  tens  of  millions  of  dol¬ 
lars,  jeopardize  its  ability  to  sell  to  the  U.S. 
government  or  even  land  its  executives  in  jail. 


That's  because  Raytheon  and  its  subsidiaries 
are  subject  to  export  regulations  that  restrict 
what  information  can  be  viewed  by  foreign 
IT  workers.  Data  that  could  enable  another 
country  to  build  a  missile  or  military  aircraft— 
or  even  a  seemingly  innocuous  radio— is 
restricted. 

Raytheon  Aircraft  ran  into  just  that  issue 
last  summer,  when  it  inked  an  outsourcing 


68  CIO  JANUARY  15.  2004 


www.cio.com 


DOUG  DEBRECHT,  CIO  of  Raytheon  Aircraft,  a  commercial  subsidiary  of  the  defense  firm, 
convinced  his  outsourcer  IBM  not  to  employ  foreign  nationals  on  an  SAP  system  until  he 
develops  a  foolproof  security  strategy. 


Offshore  Outsourcing 


deal  with  IBM.  The  company  gave  IBM  con¬ 
trol  over  support  and  further  development  of 
its  SAP  system.  IBM,  for  cost  reasons,  declared 
its  intent  to  use  subcontractors  in  India  on  the 
application,  which  contains  such  sensitive 
information  as  how  to  build  the  skin  of  a  com¬ 
mercial  jet.  And  that’s  when  Raytheon  Air¬ 
craft  CIO  Doug  Debrecht  knew  he  had  a 
problem  on  his  hands.  Executives  at  his  parent 
company  soon  confirmed  his  intuition.  They 
insisted  that  IBM  not  use  foreign  contractors 
until  Debrecht  came  up  with  a  surefire  way  to 
keep  them  out  of  Raytheon’s  network. 

Raytheon  is  not  the  only  company  dealing 
with  this  dilemma.  Many  in  the  military- 
industrial  complex  are  keen  to  figure  out  a 
way  to  move  IT  work  offshore.  The  federal 
government  itself,  one  of  the  largest  out¬ 
sourcers  in  the  country,  must  consider  where 
the  work  it  is  sending  to  EDS  or  Lockheed 
Martin  will  ultimately  wind  up.  And  even 
nondefense-related  companies  must  sort  out 
how  similar  data-access  situations  apply  to 
regulations  like  the  Health  Insurance  Porta¬ 
bility  and  Accountability  and  Gramm- Leach- 
Bliley  acts.  Consider  the  case  of  the  clerical 
worker  in  Pakistan  who  threatened  to  post  a 
U.S.  hospital’s  patient  data  online  if  she  wasn’t 
paid  more  money.  Any  sensitive  data  can  be 
dangerous  in  the  wrong  hands. 

This  is  a  new  minefield  for  defense  IT.  While 
other  parts  of  the  business  have  incurred  major 
penalties  for  export  violations,  military  defense 
contractors  have,  up  until  now,  largely  dis¬ 
missed  the  idea  of  using  offshore  talent  on  their 
systems.  “If  you  look  at  my  counterparts  at 
Boeing,  Raytheon  and  Lockheed  Martin  and 
compare  us  to  the  rest  of  our  peers  in  the  For¬ 
tune  500,  we’re  the  rare  breed  that  still  does 
very  little  offshoring,  and  that’s  all  because  of 
[International  Traffic  in  Arms  Regulations] 
and  export  regulations,”  says  Tom  Shelman, 
CIO  for  Northrop  Grumman. 

But  as  the  cost  pressures  to  exploit  offshore 
outsourcing  mount,  CIOs  now  face  a  compli¬ 
cated  conundrum:  how  to  protect  their  sensi¬ 
tive  information  while  enabling  the  global 
collaboration  necessary  to  compete  in  today’s 
business  environment. 

“It’s  a  huge  concern  not  just  for  government 


contractors  but  for  any  CIO  who’s  dealing 
with  material  that’s  regulated,  whether  it’s 
defense  or  financial  services  or  pharmaceuti¬ 
cal  companies,”  says  Akiba  Stern,  partner  in 
the  New  York  City  office  of  global  law  and 
consulting  firm  Shaw  Pittman.  “The  compa¬ 
nies  themselves  know  a  lot  about  the  regula¬ 
tions  in  their  industry,  but  the  people  who  are 
doing  the  outsourcing  don’t.  And  there  are  no 
actual  rules  for  how  to  work  the  outsourcing.” 

THE  EXPORT  POLICE 

Since  World  War  II,  the  United  States  has  been 
placing  restrictions  on  the  export  of  certain 
arms  and  related  data.  Today,  the  State 
Department’s  Office  of  Defense  Trade  Con¬ 
trols  administers  the  International  Traffic  in 
Arms  Regulations,  or  ITAR,  which  require 


specific  licenses  for  exporting  items  on  the  U.S. 
munitions  list,  from  aircraft  and  ships  to 
firearms  and  chemical  weapons,  as  well  as  any 
technical  data  needed  to  make  them. 

The  Commerce  Department’s  Bureau  of 
Export  Administration  (BXA)  ministers  the 
Export  Administration  Regulations  (EAR), 
which  control  the  export  of  commercial  items 
that  could  have  military  applications  (comput¬ 
ers,  civilian  aircraft,  viruses  for  scientific 
research,  even  radios).  Both  ITAR  and  EAR 
prohibit  the  release  of  related  data  to  foreign 
nationals  (anyone  not  a  U.S.  citizen  or  perma¬ 
nent  resident  alien ) ,  which  is  why  CIOs  at  com¬ 
panies  like  Raytheon  find  themselves  in  a  fix. 

The  potential  for  trouble  has  only  increased 
with  the  pervasiveness  of  offshore  outsourc¬ 
ing,  especially  since  companies  such  as  India’s 


70  CIO  JANUARY  15,  2004  •  www.cio.com 


PHOTO  BY  STELLA  JOHNSON 


'D2Ddiviicros(#t<ind  piaceWare  are 


Microsoft 


start  meeting 

Simply  log  in  and  dial  in  and 
collaborate  like  never  before 

Can  support  multiple  presenters  and  concurrent 
meetings  with  up  to  2,500  participants  per  session 


9  layers  of  security,  SSL  service 
and  128-bit  encryption 


The  meeting  has  been  changed.  We  think 
you’ll  like  this  location  much  better. 


Whether  you’re  3  offices  or  3,000  miles  apart,  now  you  can  collaborate  as  if  you’re  all  at  the  same  table. 
All  thanks  to  Microsoft®  Office  Live  Meeting.  The  new  service  that  lets  you  meet  with  groups  of  2  up  to 
2,500,  without  leaving  your  desk.  With  just  a  phone,  a  PC  and  an  Internet  connection  you  can  hold  quick, 
impromptu  staff  meetings,  discuss  trends  with  fellow  IT  professionals,  even  roll  out  new  technology 
initiatives  enterprise-wide.  All  in  real  time. 

Plus,  it’s  a  hosted  service  so  there  are  no  costly  infrastructure  changes  or  headaches  for  your  IT  department. 
It’s  a  big  part  of  what  makes  the  new  Microsoft  Office  System  so  different.  See  for  yourself.  You’ll  save  time, 
save  money  and  maybe  even  earn  yourself  the  title  of  office  superhero. 


Try  it  today.  Get  30  days  of  service,  on  us.  Visit  www.microsoft.com/liveonline 


■  -**1  M  i  c  rosoft  Off  i  ce 

db  Live  Meeting 


A  PlaceWare  Service 


Offshore  Outsourcing 


Tata  Consultancy  Services  and  Wipro  are  sub¬ 
contractors  to  some  of  the  largest  U.S.  out¬ 
sourcers  including  CSC,  EDS  and  IBM. 
Amplified  sensitivity  to  issues  of  national  secu¬ 
rity  and  terrorism  have  further  fueled  con¬ 
cerns,  making  this  a  hot-button  issue  for  CIOs 
in  regulated  industries.  “We’re  living  in  a  dif¬ 
ferent  sort  of  world,”  says  Michael  Daly,  cor¬ 
porate  director  of  IT  security  for  Raytheon. 
“What  was  just  a  topic  of  conversation  a  few 
years  ago  is  now  top  of  mind.” 

As  a  result,  the  enforcers  of  export  regula¬ 
tions  are  getting  tough  on  violators.  “They’ve 
stepped  up  their  regulatory  activity  and  fines, 
many  of  them  in  excess  of  $10  million,”  says 
Larry  Christensen,  vice  president  of  interna¬ 
tional  trade  content  for  Vastera,  a  global  trade 
technology  provider,  and  former  director  of 
the  BXA’s  regulatory  policy  division. 

Just  last  year,  Raytheon  agreed  to  pay 


$25  million  in  civil  fines  to  settle  charges  from 
the  Department  of  Justice  that  it  tried  to  evade 
export  laws  in  the  attempted  sale  of  sensitive 
radio  technology  to  Pakistan  via  a  Canadian 
subsidiary.  Similarly,  Lockheed  Martin  settled  a 
federal  lawsuit  for  $  1 3  million  in  2000  for  pro¬ 
viding  technical  advice  to  a  Hong  Kong  com¬ 
pany  working  on  China’s  commercial  satellite 
program.  Two  years  earlier;  Boeing  Satellite  Sys¬ 
tems  paid  $10  million  for  sharing  rocket  data 
with  Russian  and  Ukrainian  partners. 

The  escalation  in  fines  has  not  been  lost  on 
the  industry.  And  now  that  companies  such 
as  Raytheon  and  Northrop  Grumman  are 
exploring  the  possibility  of  letting  foreign 
workers  handle  their  systems,  their  CIOs  are 
well  aware  of  the  perils  if  their  companies’ 
technical  data  is  exposed  through  outsourc¬ 
ing  arrangements.  “It’s  a  big,  complicated 
problem,”  says  Ron  Remy,  director  of  IT 


operations  for  Lockheed  Martin  Space  Sys¬ 
tems.  “We  deal  with  lots  of  secure  informa¬ 
tion,  not  just  our  proprietary  information  and 
ITAR-regulated  information,  but  even  classi¬ 
fied  Department  of  Defense  information.  ” 

Among  the  systems  currently  off-limits  to 
offshore  outsourcing  at  Lockheed  Martin:  ERP 
systems,  which  contain  the  material  require¬ 
ments  for  developing  and  defining  the  com¬ 
pany’s  products,  and  the  engineering  systems 
used  to  design  its  products  including  space- 
based  telecommunications  and  missile  systems. 

TESTING  THE 
OFFSHORE  WATERS 

Generally,  IT  service  providers  such  as  IBM 
disclose  to  their  clients  what  subcontractors, 
if  any,  they  plan  to  use  on  an  outsourced  proj¬ 
ect.  But  CIOs  are  ultimately  responsible  for 
making  sure  the  arrangements  for  systems 
access  are  fail-safe.  If  a  company  violates 
export  regulations  as  a  result  of  its  outsourcer 
subcontrac  ting  to  a  supplier  in  China  or  India, 
you  can  bet  it  won’t  be  the  outsourcer  that 
pays.  “If  there’s  a  regulation  that  you’re 
responsible  for  and  your  outsourcer  doesn’t 
comply,  you  have  to  deal  with  the  damage,” 
Shaw  Pittman’s  Stern  says. 

Multimillion-dollar  fines,  experts  say, 
would  be  just  the  beginning.  “In  government 
contracting,  the  damage  to  reputation  is 
almost  always  worse  because  you’re  dealing 
with  something  that’s  perceived  to  be  a 
national  security  issue,”  says  Ed  Hansen, 
another  Shaw  Pittman  partner.  “When  that 
hits  the  newspapers,  it  looks  really  bad.  ”  Vio¬ 
lators  can  lose  their  ability  to  sell  to  the  U.S. 
government,  and  ultimately,  to  export  at  all. 

And  it  doesn’t  stop  there.  “We’ve  even  seen 
a  willingness  to  seek  criminal  indictments,” 
Christensen  says.  “And  corporations  don’t  go 
to  jail;  people  go  to  jail.”  In  2001,  criminal 
charges  were  brought  (and  eventually 
dropped)  against  a  McDonnell  Douglas  exec¬ 
utive  for  conspiring  to  sell  machine  tools  used 
to  make  jetliners  to  China.  Though  it  hasn’t 
yet  happened  to  a  CIO,  the  possibility  of  up  to 
1 0  years  in  prison  for  an  export  violation  is  not 
one  that  any  IT  executive  wants  to  consider. 

Even  so,  Northrop  Grumman,  which  in 


DEFENSIVE  ACTION 

IT  executives  at  the  major  defense  contractors  are  working 
together  to  figure  out  how  they  can  enable  easier  worldwide 
collaboration  while  still  complying  with  export  regulations 

Through  a  project  called  the  Program  for  Secure  Collaboration  Across  the 
TransAtlantic  Defense  Community,  competitors  BAE  Systems,  General  Dynamics, 
Lockheed  Martin,  Raytheon  and  Rolls-Royce,  as  well  as  the  Department  of  Defense 
and  Great  Britain's  Ministry  of  Defence,  have  been  working  on  developing  best 
practices  and  standards  for  data  security  and  server  access  when  working  across 
national  borders.  “The  idea  is  to  remove  the  roadblocks  to  collaboration  while 
meeting  requirements  for  various  export  control  regulations,”  says  Michael  Daly, 
corporate  director  of  IT  security  for  Raytheon. 

The  initial  intent  was  to  foster  collaboration  between  the  United  States  and 
Great  Britain,  but  the  group  has  broadened  its  mandate  to  develop  standards  for 
offshore  outsourcing  around  the  globe.  Issues  discussed  include  what  the  appro¬ 
priate  level  of  encryption  is,  what  a  log  should  look  like,  what  the  rules  should  be 
for  server  access,  and  so  forth. 

On  a  more  informal  level,  the  same  objective— figuring  out  how  to  do  offshore 
outsourcing— tops  the  agenda  for  Tom  Shelman,  CIO  of  Northrop  Grumman,  and 
a  steering  group  he  leads  of  CIOs  in  the  Aerospace  Industries  Association  of 
America,  including  Rebecca  Rhoads  of  Raytheon,  Scott  Griffin  of  Boeing  and  Joe 
Cleveland  of  Lockheed  Martin.  “We  have  monthly  teleconferences,  and  it's  one 
of  the  issues  we  have  right  now— offshoring  and  ITAR  concerns  and  what  we  can  do 
about  it,"  Shelman  says.  -S.O. 


72  CIO  JANUARY  15,  2004  •  www.cio.com 


demand  a  higher  standard 

highly  mana^d  t 
from  data  reBln 


Demand  a  higher  return  on  your  hosting  investment.  More 
than  350  companies  around  the  world  look  to  Data  Return 
to  run  their  mission-critical  business  applications  with 
unparalleled  levels  of  availability,  performance  and  scalability. 
Our  change  management  system,  intelligent  performance 
analysis,  custom  application  support  and  scalability  services 
ensure  your  applications  will  run  well  today  and  are  ready  for 
tomorrow.  Enterprise  managed  hosting  has  been  our  sole 
focus  for  more  than  six  years,  so  we're  as  serious  about  the 
success  of  your  application  as  you  are. 


intelligently,  chan-;  cautiously,  onitor  perceptively.  rapidly. 


DATA  RETURN  Highly  Managed  Hosting 


Microsoft 


www.datareturn.com 


800.767.1514 


J  2003  Data  Return.  LLC.  All  Rights  Reserved.  Data  Return  and  Highly  Managed  Hosting  are  trademarks  of  Data  Return,  LLC.  A  other  trademarks  are  property  of  r>e:r  respective  owt  ers. 


Offshore  Outsourcing 


response  to  ITAR  and  EAR  worries  took  back 
in-house  work  that  was  previously  being  done 
in  India  for  TRW  (which  it  acquired  in  2002), 
is  now  testing  the  offshore  waters.  “What  if 
our  shareholders  look  at  the  enormous  cost 
of  IT  at  our  corporation  and  benchmark  us 
against  other  Fortune  100  companies  not 
bound  by  ITAR?  We  can’t  afford  to  be  the 
ones  that  don’t  do  it,”  says  Northrop  Grum- 
man’s  Shelman.  He  is  currently  conducting 
two  pilots  in  India — one  for  an  ongoing  proj¬ 
ect  involving  PeopleSoft  support  and  another 
for  a  one-time  project  involving  Web  devel¬ 
opment — to  determine  if  offshoring  is  doable. 

“There  are  two  different  issues  you  have  to 
address  depending  on  your  level  of  paranoia,” 
says  Rapheal  Holder,  who  is  overseeing  the 
pilots  as  vice  president  of  shared  services  for 
Northrop  Grumman.  “There’s  how  you’re 
going  to  review  code  prior  to  introducing  it 
back  into  your  production  environment,  and 
how  you  address  the  need  to  give  foreign 
nationals  access  to  the  production  environ¬ 
ment  and  live,  potentially  sensitive  data.” 

Holder  says  it’s  been  a  painstaking  process; 
the  company  has  had  to  methodically  go 
through  each  system  to  identify  what  data 
controls  need  to  be  put  in  place,  how  to  pro¬ 
vide  the  offshore  workers  with  access  to  the 
live  production  environment,  and  ultimately 
how  to  inspect  code  created  by  the  foreign 
workers.  “It’s  a  slow  process  of  peeling  the 
onion,”  says  Holder. 

Shelman  says  Northrop  Grumman  will 
complete  the  pilot  projects  in  India  and  will 
be  able  to  give  a  yea  or  nay  to  offshore  out¬ 
sourcing  in  the  2005  IT  budget.  The  company 
may  enter  an  offshore  engagement,  but  only  if 
it  has  pinpointed  all  the  controls  required  to 
meet  export  requirements,  identified  the  infra¬ 
structure  required  and  can  still  foresee  signif¬ 
icant  cost  savings. 

SALVAGING  A 
DONE  DEAL 

When  IBM  and  Raytheon  initially  discussed 
their  outsourcing  deal,  IBM  executives  tried 
to  assure  Raytheon  CIO  Debrecht  that  sub¬ 
contracting  to  foreign  workers  would  not 
pose  a  problem.  “They  said,  ‘Oh  we’ve  done 


this  before,  and  we  know  how  to  work 
through  these  issues,”’  he  recalls. 

That  wasn’t  good  enough  for  Debrecht,  and 
he  knew  it  certainly  would  not  satisfy  execu¬ 
tives  at  Raytheon  headquarters.  “Raytheon  is 
very  sensitive  to  such  issues,  just  like  any  defense 
company  is.  You  read  in  the  paper  that  this  con¬ 
tractor  violated  this  or  that  export  law  and  was 
fined  millions  of  dollars,”  Debrecht  says.  “I 
don’t  want  to  be  the  one  to  have  to  go  to  the 
CEO  and  say,  Yeah,  that  was  because  of  me.” 

Not  surprisingly,  the  initial  reaction  of  top 
Raytheon  executives  to  IBM’s  plan  to  offshore 


some  of  the  SAP  deal  was  negative.  “The  easy 
answer  for  Raytheon  was  to  j  ust  say,  No,  don’t 
let  them  into  the  systems,”  Debrecht  says. 

Unfortunately  for  Raytheon  Aircraft,  the 
SAP  outsourcing  was  part  of  a  larger  supply 
chain  transformation  contract  with  IBM.  The 
proposed  project  required  a  host  of  changes 
to  the  SAP  system,  and  IBM  needed  control 
of  the  application  to  make  them  in  a  timely 
fashion,  says  Debrecht.  And  that  meant  access 
to  the  production  servers. 

Debrecht  had  gone  through  similar  issues 
on  other  projects,  but  those  were  relatively 


74  CIO  JANUARY  15,  2004  •  www.cio.com 


simple  application  development  situations. 
The  foreign  nationals  could  do  the  program¬ 
ming  work  on  development  servers,  where 
live  data  was  replaced  by  dummy  data,  and 
they  never  set  foot  in  the  production  environ¬ 
ment  stateside. 

That’s  how  Boeing,  for  example,  has  been 
able  to  outsource  some  programming  to  Russ¬ 
ian  outsourcer  Luxoft  for  the  past  four  years. 
Boeing  has  an  internal  committee  that  deter¬ 
mines  what  projects  can  be  sent  to  Russia.  It 
then  identifies  export-regulated  sensitive  data 
(such  as  diagrams  for  an  airplane  wing),  elim- 


TOM  SHELMAN,  CIO  of  Northrop  Grumman, 
would  consider  sending  HR  systems, 
financial  and  even  manufacturing  systems 
offshore,  though  he  says  he’d  keep 
engineering  design  systems  stateside. 


inates  it  from  the  application,  inserts  dummy 
data  in  its  place,  and  ships  it  off  to  Moscow 
where  developers  don’t  need  to  see  the  sensi¬ 
tive  data  to  do  their  work. 

When  it  comes  to  ongoing  systems  support, 
like  IBM’s  work  for  Raytheon  Aircraft,  where 
access  to  the  real  data  is  necessary,  things  get 
more  complicated.  “You  have  to  put  limits  on 
what  people  have  access  to,  create  audit  trails, 
know  who  has  what  passwords,”  Shaw 
Pittman’s  Stern  says.  “It’s  a  whole  regime  that 
has  to  be  put  in  place.” 

Raytheon  decided  the  time  and  money 
needed  to  make  the  project  work  was  worth  it, 
particularly  since  Raytheon  CIO  Rebecca 
Rhoads  would  like  to  see  the  company  take 
full  advantage  of  offshore  outsourcing.  So  for 
the  time  being,  IBM  has  agreed  not  to  use  for¬ 
eign  nationals  on  the  SAP  account  for  up  to 
two  years,  until  Raytheon  Aircraft  solves  the 
problem  of  making  offshoring  secure. 

“The  biggest  challenge  is  server  access,  par¬ 
ticularly  when  you  have  technical  data  that  is 
controlled  by  state  or  commerce,”  says 
Vastera’s  Christensen.  “Not  every  IT  depart¬ 
ment  knows  how  to  handle  that  well.  And 
there  are  always  drawbacks  to  controlling 
data  access.  Separate  servers  can  result  in  hard 
feelings  on  the  part  of  those  locked  out — 
encryption  which  may  not  be  all  that  good.” 

It  wasn’t  that  Raytheon  lacked  a  way  to 
control  access  to  its  live  data  before.  After  all, 
the  company  operates  in  76  countries  and  col¬ 
laborates  with  partners  around  the  world. 
The  U.S.  Navy’s  DDX  Destroyer,  a  high-tech 
$2.9  billion  warship  Raytheon  is  developing 
the  electronics  and  weapons  systems  for, 
involves  no  less  than  8 1  discrete  companies 
worldwide. 

But  up  until  now,  Raytheon  has  had  to 
build  secure  collaborative  environments  from 
scratch  on  a  case-by-case  basis.  That  meant 
assessing  requirements,  figuring  out  appro¬ 
priate  security  standards,  determining  how  to 
label  data  and  creating  an  Integrated  Digital 
Environment  (IDE)  for  data  sharing  specific 
to  the  needs  of  each  project. 

The  goal  now  is  to  streamline  and,  as  much 
as  possible,  automate  how  federally  regulated 
data  is  handled,  reducing  the  time  and  money 


it  takes  to  set  up  a  new  infrastructure  every 
time  the  company  wants  to  let  outsiders  into 
certain  areas.  “In  the  past,  it  was  very  man¬ 
ual,  writing  down  logs,  making  sure  the 
appropriate  federal  licenses  were  maintained, 
and  installing  firewalls  to  keep  non-U. S. 
Raytheon  separate  from  U.S.  Raytheon,” 
Daly  explains.  “It’s  very  frustrating  because 
as  a  business  what  we  need  are  canned  solu¬ 
tions  for  this  that  can  just  plug  and  play.  We 
just  can’t  spend  six  months  to  a  year  to  build 
a  collaborative  environment  each  time  we 
need  it.” 

A  NEW  KIND  OF 

KNOWLEDGE 

MANAGEMENT 

Debrecht  has  tapped  several  Raytheon  offi¬ 
cials  for  help  in  designing  the  automated  solu¬ 
tion  to  permit  IBM’s  offshore  subcontractors 
to  work  on  the  SAP  system,  including  execu¬ 
tives  in  corporate  governance,  IT  security,  HR 
and  the  legal  department’s  import  and  export 
division.  Daly  also  sent  two  of  his  employees  to 
Raytheon  Aircraft’s  headquarters  in  Wichita, 
Kan.,  to  help  Debrecht  devise  a  security  plan. 

“The  situation  requires  that  Raytheon  have 
a  multilevel  program  for  managing  outsourc¬ 
ing  and  federal  export  regulations,”  Daly 
explains.  “We  need  a  means  of  labeling  the 
data  that  everyone  understands.  We  need  a 
program  for  identifying  the  status  of  a  [U.S. 
person  or  foreign  national].  And  we  need  to 
put  in  an  infrastructure  that  allows  those  par¬ 
ties  to  participate  while  controlling  what  they 
have  access  to.” 

In  essence,  Daly  says,  Raytheon  needs  a 
very  intricate  form  of  knowledge  manage¬ 
ment,  which  does  not  yet  exist  commercially. 

First,  Debrecht  and  his  team  determined 
what  the  Indian  workers  will  be  able  to  look  at 
in  the  SAP  system  and  what  they  won’t,  in 
accordance  with  Raytheon’s  internal  rules  for 
export  compliance.  They  can  view  what’s  called 
a  “piece  part”  of  an  aircraft — anything  from  a 
nut  or  bolt  to  a  tire  or  piece  of  sheet  metal,  for 
example — as  long  as  they  don’t  know  how  it  is 
assembled.  If  they  had  access  to  the  materials 
information  and  the  recipes  for  putting  them 
together,  that  would  be  a  problem. 


www.cio.com  •  JANUARY  15,  2004  CIO  75 


Offshore  Outsourcing 


That  phase  complete,  “ it’s  now  a  matter  of 
figuring  out  how  we  can  separate  out  all  the 
non-ITAR,  non-EAR  data  and  let  them  sup¬ 
port  the  things  that  are  OK  for  them  to  see,” 
Debrecht  says.  This  phase  two  is  sticky 
because  the  SAP  production  server  is  ulti¬ 
mately  linked  to  the  larger  Raytheon  network. 
“If  we  let  them  into  our  production  network, 
a  person  with  the  right  skills  could  hack  into 
other  areas  within  Raytheon,”  he  says. 

Debrecht  plans  to  use  a  secure  ID  setup 
with  two-factor  authentication  to  automati¬ 
cally  determine  who  can  get  into  the  network. 
SAP  will  monitor  what  transactions  an  Indian 
professional  can  run,  what  tables  he  can  mod¬ 
ify  and  so  forth.  Raytheon  would  administer 
the  system,  but  IBM  would  use  it  to  enable  its 
offshore  subcontractors  to  work  on  the  SAP 
system.  But  in  order  to  protect  the  rest  of  the 
network,  Debrecht  must  go  further;  Raytheon 
is  working  on  a  next-generation  security  sys¬ 
tem  in  conjunction  with  Microsoft  and  Cisco. 
But  in  the  near  term,  Debrecht  sees  a  poten¬ 
tial  solution  in  what  he  calls  a  terminal  DMZ 
server.  One  step  removed  from  the  real  net¬ 
work,  it  duplicates  the  information  the  worker 
needs  from  the  network  without  providing 
actual  access  to  the  network. 

Phase  three,  says  Debrecht,  will  be  figuring 
out  a  secure  way  to  let  foreign  nationals  onto 
the  actual  production  equipment,  giving  them 
access  to  only  the  live  data  they  are  permitted 
to  see.  “That’s  the  final  end  state,”  says 
Debrecht.  “At  that  point  there  will  be  a  sepa¬ 
ration  of  data,  a  lockdown  of  sensitive  data, 
security  profiles  for  every  worker  determin¬ 
ing  their  level  of  access,  and  networkwide 
security  that  will  prevent  foreign  workers 
from  leaving  the  production  system  and  get¬ 
ting  on  to  the  [Raytheon]  network.” 

Once  Debrecht  figures  out  how  to  make 
that  work,  he’ll  hire  an  outside  security  cor¬ 
poration  to  come  in  and  try  to  break  the  new 
system.  If  it  fails,  Debrecht  may  succeed  in 
enabling  IBM  to  use  its  offshore  facilities  on 
the  project.  Of  course,  IBM  must  then  com¬ 
ply  with  all  the  new  processes  and  systems 
Raytheon  Aircraft  puts  in  place.  If  not,  says 
Debrecht,  IBM  will  have  violated  the  initial 
contract,  and  the  deal  may  end  prematurely. 


(NOT  SO  EASY)  STEPS 

FOR  COMPLYING  WITH  FEDERAL 
EXPORT  REGULATIONS 

all  sensitive  data  in  a  sys¬ 

security  profiles  for  all 

tem.  Start  with  the  most  obvious,  but 

workers  and  lock  down  foreign 

don’t  assume  anything  is  “safe.” 

nationals’  access  to  regulated 
information. 

the  strength  of  out¬ 

sourcers’  physical  and  information 

at  least  a  two-factor 

security  practices  before  signing 

method  of  identification  for  all 

a  contract  with  them. 

users. 

not  only  the  regulations 

an  outside  company  to 

compliance  into  outsourcing 

assess  your  network  security. 

contracts  but  include  specific 

Find  out,  for  example,  if  work¬ 

processes  for  meeting  requirements. 

ers  can  break  into  the  rest  of  the  net¬ 
work  when  you  provide  access  to  a 

a  change  control  mech¬ 

live  production  server. 

anism  in  the  contract  so  that  as 

situations  shift  (for  example, 

periodic  audits  of 

the  outsourcer  wants  to  add  foreign 

the  outsourcers’  compliance 

nationals  to  a  project),  processes  can 

with  the  federal  regulations. 

be  revised. 

-S.0. 

“But  they  probably  have  too  much  at  stake, 
as  do  we,  to  give  up,”  Debrecht  predicts. 

Debrecht  hopes  to  have  a  secure  method  in 
place  within  six  months  that  allows  IBM  to 
employ  Indian  subcontractors.  If  he  does,  the 
opportunities  for  sending  information  tech¬ 
nology  work  offshore  could  increase  dra¬ 
matically.  “We  don’t  do  a  lot  of  design  or 
development  outsourcing.  But  we’re  talking 
about  breaking  new  ground  here,”  he  says. 
“This  could  open  up  other  opportunities 
within  the  corporation.” 

Ultimately,  the  question  for  companies 
such  as  Raytheon,  Lockheed  Martin  and 


Learn  More  About  Offshore  Risk 


The  defense  industry  isn't  the  only  one  vulner¬ 
able  to  outsourcing’s  risks.  Any  U.S.  company 
can  get  stung  by  industrial  espionage  and  poor 
intellectual  property  safeguards.  For  tips  on 
writing  a  safer  offshore  outsourcing  contract, 
read  AT  RISK  OFFSHORE.  Find  the  article  at 
www.cio.com/printlinks. 


Northrop  Grumman  will  be  where  to  draw 
the  line.  Shelman  could  see  sending  HR 
systems,  financial  and  even  manufacturing 
systems  offshore  eventually,  though  he  says 
he’d  keep  engineering  design  systems  state¬ 
side.  Business  process  outsourcing — such  as 
data  entry  or  accounting,  whereby  the 
provider  manages  the  network  in  addition  to 
business  functions  performed  on  that  net¬ 
work — done  by  foreign  nationals,  for  exam¬ 
ple,  is  also  unlikely.  “There’s  no  way  to  avoid 
using  real  data  with  BPO,  and  you  have  to 
ensure  that  your  outsourcer  is  as  careful  about 
the  data  as  you  are,”  Stern  says. 

But  then  again,  maybe  it’s  possible. 

“Once  we’re  able  to  crack  the  code  and 
we’re  able  to  do  this  in  some  kind  of  repeat- 
able  manner,”  Debrecht  says,  “who  knows 
what  else  we  can  do.”  rara 


Contact  Senior  Writer  Stephanie  Overby  via  e-mail 
at  soverby@cio.com. 


76  CIO  JANUARY  15,  2004  •  www.cio.com 


mmmtm 


NO  PURCHASE  NECESSARY  Go  to  DLTtape.com  lor  official  rules-.  Sweepstakes  ends  3/31/04.  Open  to  residents  of  the  United  States  and  Canada  who  are  18  or  older  and  employed  as  an  IS/IT  professional.  Void  in  Quebec 
©  2004  Quantum  Corporation.  All  rights  reserved.  OPTIONS  ARE  A  BEAUTIEUL  THING.  DLTIape  and  DLTSage  are  trademarks  and  the  DLTtape  logo  is  a  registered  trademark  ot  Quantum  Corporation.  'Based  on  2:1  compression. 


1 - 

NOW 

_ 1 

5 

HOWING 

WITH  4— | 

DLTSAGE,  J 

s  integration  time 

BY  TODD  DATZ 


and  effort— but  only  if  you  implement  them  correctly 


Reader  ROI 

►  Definition  of  SOA 

►  Benefits  and  risks 

of  the  new  architecture 

►  Steps  in  developing  an 
SOA  strategy  ’ 


m 


\ 


Don  Bustard,  senior  vice  president  and  CTO  at  AXA  Financial,  a  $7.5  billion  insurance 

arid  financial  services  company,  compares  his  service-oriented  architeAre 
(SOA)  to  a  system  of  gears:  some  big  and  slow-turning,  some  small  and  fast. 

And  Buskard  believes  SOA  is  the  right  mechanism— a  transmission  of  sorts— 

I 

for  fin  IT  environment  (like  so  many  othJs)  I  which  relatively  ponderoildata- 


/ 


ervice-oriented  architecture  isn’t  a  new  approach  to  software  design.  Some 
of/the  notions  behind  SOA  have  been  around  for  years,  Jess  Thompson,  a 
research  director  at  Gartner,  says  the  underlying  concepts  date  back  to  the 
/early  1970s,  when  researchers  started  drawing  boundaries  around  software 
and  providing  access  to  that  software  only  through  well-defined  interfaces 


78 


CIO  JANUARY  15,  2004  •  cio.com 


ILLUSTRATION  BY  JO  TYLER 


J.TVLt 


Architecture 


(an  idea  called  encapsulation).  But  lately,  SOA  has  been  gaining 
traction,  especially  as  CIOs  begin  to  think  seriously  about  Web 
services.  Gartner  estimates  that  by  2008,  more  than  60  percent  of 
enterprises  will  use  SOA  as  a  “guiding  principle”  when  creating 
mission-critical  applications  and  processes. 

But  to  implement  an  SOA,  you  must  first  understand  it — and 
that  isn’t  always  easy.  So  let’s  begin  with  some  simple  questions 
and  (hopefully)  simple  answers. 


An  SOA  Glossary 


Enterprise  service  bus:  A  software  infrastructure  that  uses 
a  standard  interface  and  messaging  to  integrate  applica¬ 
tions;  one  way  to  implement  an  SOA.  (Note;  The  term, 
which  was  coined  in  a  report  by  Gartner,  is  relatively  new.) 

Loosely  coupled:  The  use  of  well-defined  interfaces  to 
connect  services;  SOAs  are  built  using  a  loosely  coupled 
approach,  where  a  change  in  one  service  does  not  require 
changes  in  linked  services. 

Message-oriented  middleware  (MOM):  Sometimes 
referred  to  as  a  message-oriented  architecture,  MOM  pro¬ 
vides  a  mechanism  for  connecting  various  applications, 
even  across  platforms.  Data  resides  in  message  queues 
where  receiving  programs  can  retrieve  it  without  creating  a 
direct  connection  with  the  sending  applications. 

Publish-subscribe:  System  where  services  post  (or  "pub¬ 
lish")  data  that  other  services  can  request  (or  “subscribe” 
to).  When  the  published  information  changes,  the  sub¬ 
scribed  services  automatically  receive  updates. 

Service-oriented  architecture  (SOA):  An  architecture 
built  around  a  collection  of  reusable  components  with 
well-defined  interfaces.  -T.D, 


WHAT  THE  HECK  IS  AN  SOA? 

SOAs  start  with  services,  which  are  groups  of  software  compo¬ 
nents  that  carry  out  business  processes,  for  example,  verifying  a 
credit  card  transaction  or  processing  a  purchase  order.  At  its  most 
basic,  an  SOA  is  a  collection  of  services  on  a  network  that  com¬ 
municate  with  one  another.  The  services  are  loosely  coupled 
(meaning  that  an  application  doesn’t  have  to  know  the  technical 
details  of  another  application  in  order  to  talk  to  it),  have  well- 
defined,  platform-independent  interfaces,  and  are  reusable.  SOA 
is  a  higher  level  of  application  development  (also  referred  to  as 
coarse  granularity)  that,  by  focusing  on  business  processes  and 
using  standard  interfaces,  helps  mask  the  underlying  technical 


complexity  of  the  IT  environment.  It’s  like  translating  a  high 
school  science  text  for  your  kindergarten-age  daughter;  you  can 
tell  her  that  the  heart  pumps  blood  without  getting  into  the  mitral 
valve  and  pulmonary  veins. 

ISN’T  SOA  JUST  CORBA  IN  NEW  CLOTHES? 

No.  SOA  is  an  evolution  from  traditional  tightly  coupled  applica¬ 
tion  connections — including  common  object  request  brok®  archi¬ 
tecture,  or  Corba — to  loosely  coupled  ones,  such  as  Web  services. 
Tight  coupling  makes  it  hard  for  applications  to  adapt  to  changing 
business  requirements,  as  each  modification  to  one  application 
may  force  developers  to  make  changes  in  other  connected  appli¬ 
cations.  Also,  object-oriented  development  uses  a  finer  level  of 
granularity — objects  might  be  defined  at  the  level  of  employee  or 
customer  order.  In  an  SOA,  a  service  is  defined  at  a  more  abstract 
level,  say,  a  business  process  such  as  generating  a  phone  bill. 

WHAT  ARE  THE  BENEFITS  OF  ADOPTING  AN  SOA? 

SOAs  make  it  easier  to  integrate  the  “everything  but  the  kitchen 
sink”  IT  environments  found  in  most  companies.  “That’s  the  big 
value  of  an  SOA;  it  works  very  well  in  heterogeneous  environ¬ 
ments,”  says  Jason  Bloomberg,  a  senior  analyst  at  ZapThink,  a 
Web  services  consultancy.  Developers  don’t  have  to  spend  an 
inordinate  amount  of  time  writing  new  lines  of  code  to  connect 
applications.  Instead,  they  can  use  standard  protocols,  such  as 
Web  services.  And  large  chunks  of  SOA  code  are  reusable,  reduc¬ 
ing  development  costs.  An  SOA  takes  your  legacy  investments — 
your  SAP,  Siebel,  Oracle  and  the  like — and  makes  them  all  play 
nicely  (and  more  cheaply)  together. 

“That’s  the  sweet  spot  for  SOA — leveraging  your  existing  port¬ 
folio,”  says  Tim  Bass,  president  of  Silk  Road,  an  IT  consultancy. 
You  don’t  need  to  rip  and  replace  those  systems  with  brand-new 
ones.  By  identifying  the  capabilities  of  existing  systems  and  lever¬ 
aging  them,  you  maximize  the  value  of  your  IT  investments  while 
minimizing  your  risk,  he  says.  Also,  building  services — for  exam¬ 
ple,  using  simple  object  access  protocol  (SOAP)  and  Web  serv¬ 
ices  description  language  (WSDL) — not  only  smooths  the 
internal  integration  process,  it  also  lets  customers  and  business 
partners  share  information  more  easily  across  company  firewalls. 

Another  benefit  of  an  SOA  is  that  it  can  lead  to  a  better  dia¬ 
logue  between  the  CIO  and  line-of-business  execs  by  forcing  IT 
workers  to  think  in  terms  of  business — not  technical — architec¬ 
tures.  If  a  business  wants  to  build  a  better  inventory  control  sys¬ 
tem,  for  example,  the  operations  folks  can  hook  up  with  the  IT 
architects  and  talk  about  the  best  way  to  design  it  based  on  busi¬ 
ness  flows  and  how  best  to  meet  the  needs  of  the  business.  And 
implementing  that  design,  which  often  involves  large-scale  inte¬ 
gration,  becomes  a  less  gruesome  task. 

For  that  dialogue  to  work,  businesspeople  have  to  think  about 
the  best  ways  to  run  their  business.  What  processes  do  I  need  to 


80  CIO  JANUARY  15,  2004  •  www. cio.com 


nexhra 


It  ain’t  braggin’ 
if  you  can  do  it. 


--  "Trrryti- 

W  -  -I-  ■ 

r»  *  0  ^ 

% 


•' V 

/  .  '4  '  < 

f  '  ,  Ut 

-  v'  •  ■  •  *  -  i X 


Finally,  a  company  that  talks  big  and 
works  bigger.  A  company  that  talks  ROI 
and  actually  delivers.  A  company  that 
provides  real  business  value  you  can 
measure.  A  network  solutions  and 
services  provider  called  NextiraOne. 

At  NextiraOne,  we  bring  clarity  to  your 
complex  communications  networks. 
Planning,  designing,  implementing, 
supporting  and  managing.  For  voice, 
data  and  converged  infrastructures, 
in  the  United  States  or  around  the 
world.  You  name  it,  we  do  it  -  with 
world-class  results. 

www.NextiraOne.com  (888)  888-1055 


Architecture 


put  in  place  to  best  accommodate  my  customers?  How  can  I 
improve  my  level  of  customer  service?  By  exposing  and  sharing 
information  across  once-siloed  applications,  companies  can 
extract  more  business  performance  data  in  real-time,  improving 
business  intelligence.  There’s  a  whole  new  level  of  responsiveness 
companies  can  exploit  through  a  common  architecture,  says 
Dana  Gardner,  a  senior  analyst  at  the  Yankee  Group.  “If  there’s 
a  hurricane  on  the  East  Coast,  [resulting  in  a]  great  need  to  move 
plywood  from  another  part  of  the  country,  I  can  be  responsive  in 
real-time,”  he  says.  “I  have  information  a  bout  what’s  going  on  in 
my  business  that  I  didn’t  have  before.”  In  a  perfect  SOA  world, 
companies  improve  their  ability  to  adapt  to  changing  business 
requirements  and  shifting  market  conditions. 

Finally,  the  benefits  of  easier  integration  and  increased  agility 


systems  with  his  front-end  apps.  This  works  in  tandem  with 
Candle’s  PathWAI  suite,  which  helps  optimize  WebSphere  MQ 
by  monitoring  its  performance. 

Jon  Johnson,  chief  engineer  for  Northrop  Grumman  Mission 
Systems  of  the  Colorado  Springs  Engineering  Organization,  also 
has  built  an  SOA,  based  on  a  publish-subscribe  system  (see  “An 
SOA  Glossary,”  Page  80)  without  Web  services.  He’s  deployed 
Java  Message  Service  as  a  messaging  layer  on  top  of  a  Web  server 
and  an  application  server,  and  uses  the  enterprise  service  bus  from 
Sonic  Software  to  help  with  integration  and  data  movement. 
Johnson  says  that  his  services  are  designed  like  Web  services,  only 
without  the  Web  services  interface. 

One  of  the  ma  j  or  benefits  of  the  SOA,  he  says,  is  that  the  right 
data  gets  sent  to  the  right  person  or  application.  For  example, 


lead  to  greater  ROI.  Buskard  says  he’s  achieved  a  200  percent 
return  on  his  SOA  investment.  One  of  AXA  Financial’s  most  pop¬ 
ular  SOA-based  services  is  Get  Client,  in  which  any  front-end 
app  can  issue  a  command  and,  after  probing  around  the  legacy 
systems,  come  back  with  a  complete  picture  of  a  customer’s 
investments.  Buskard  says  that  Get  Client  is  one  example  of  how 
AXA  achieves  its  ROI — developers  design  services  to  be  generic 
enough  that  they  can  work  with  an  array  of  front-facing  systems, 
reducing  development  time  and  freeing  developers  to  spend  more 
time  on  business  solutions.  In  addition,  IT  workers  can  easily 
incorporate  new  technologies  into  the  SOA,  reducing  risk  and 
expense  while  speeding  development  of  new  applications. 

WHAT  ROLE  DOES  WEB  SERVICES  PLAY  IN  AN  SOA? 

First,  it’s  important  to  note  that  an  SOA  does  not  require  Web 
services;  and  Web  services  can  be  deployed  without  an  SOA.  There 
are  those,  however,  who  believe  that  building  an  SOA  using  Web 
services  is  the  ideal  approach.  Gartner’s  Thompson  belongs  to 
that  camp.  He  cautions,  however,  that  users  must  implement  Web 
services  properly  to  create  an  SOA.  If  done  correctly,  he  notes,  a 
Web  service  is  little  more  than  an  SOA  that  uses  SOAP  and  WSDL. 

Buskard,  on  the  other  hand,  has  built  his  company’s  SOA  with¬ 
out  Web  services,  as  none  of  his  internal  or  external  customers 
are  asking  for  them  at  this  point  (though  he’s  keeping  his  ear  to  the 
ground  in  case  they  do  later  on).  Instead,  he  uses  IBM’s  Web¬ 
Sphere  MQ  as  a  messaging  and  integration  layer  to  connect  legacy 


when  a  user  logs  on  using  an  ID,  the  system  knows  who  the  user 
is  and  pushes  only  the  data — for  example,  maps  and  task  lists — 
that  the  person  is  authorized  to  see. 

WHAT  ARE  THE  CHALLENGES? 

Security  is  a  big  one.  “It’s  always  easier  to  secure  a  closed  system 
than  an  open  architecture,”  says  Silk  Road’s  Bass.  CIOs  must 
deal  with  the  lack  of  security  standards  for  Web  services  (see  “Cal¬ 
culated  Risks,”  www.cio.com/printlinks).  To  overcome  some  of 
these  security  roadblocks,  Bass  advises  that  companies  move 
slowly  when  setting  up  an  SOA,  focusing  first  on  business 
processes  that  don’t  require  a  high  level  of  security. 

Trying  to  manage  the  complexity  of  a  services  configuration 
can  be  tricky  as  well,  says  Bass,  and  requires  a  good  SOA  gover¬ 
nance  model.  For  example,  if  you  have  nodes  on  a  network  that 
are  service-oriented  and  100  people  are  using  a  certain  interface, 
how  do  you  communicate  with  those  users  if  someone  decides 
to  change  the  interface? 

Another  issue  is  network  monitoring.  “As  we  create  the  capa¬ 
bility  to  orchestrate  complex  Net-centric  business  processes  in  a 
service-oriented  architecture,  we  also  create  complex  monitor¬ 
ing  and  auditing  requirements,”  says  Bass.  For  instance,  when  a 
transaction  goes  awry  on  a  service-oriented  network,  which  could 
involve  multiple  service  providers,  finding  out  what  went  wrong 
or  where  the  transaction  dropped  or  whether  someone  put  bad 
information  in  the  network  can  be  a  challenge.  “The  current  Web 


82  CIO  JANUARY  15,  2004  •  www.cio.com 


NETS  WITH  NO  HOLES 


WE  MAKE  YOUR  NETWORK  SECURITY  OUR  BUSINESS 


TOSHIBA 


Microsoft 


CERTANCE 

4  HiftU  tfflllttt 


Color  LaserJet  4600 

Portege  M200 

Office  Professional 

TAPESTOR  DAT 

Color  laser  printing  for 

Tablet  PC 

Edition  2003 

72  Kits 

the  entire  office 

■  I7ppm  ■  8.5"  x  14"  Max.  page  sz. 

Microsoft  Office 

OneNote  2003  pre-installed 

License  with  SA 

Cost  effective  backup 

■  HP  Resolution  Enhanced 

■  1.5GHz  Centrino  P-M 

•  Fully  supports  XML 

•  Up  to  72GB  per  data  cartridge 

Technology  2400  Max. 

•  12.1"  SXGATFT 

■  Increased  security  and  privacy 

■  Ultra  SCSI  LVD  interface 

■  500-sheet  feeder  tray 

■XP  Tablet  '802.11b 

■  internet  access  to  Exchange  Server 

$999 

$1999 

$2399 

$26995* 

#455478 

#451401 

#344541 

#4736939 

‘Open  Value  License  year  1  of  3. 

Cisco  Systcms 

Authorized 

1*11, 1 Resel"" 

PIX  Firewall  506E 
Security  Appliance 

•  Enterprise-class  security 
with  multi-layered  defense 

•  Ideal  for  securing  remote 
office  internet  connections 

$949 

#454890 


PC  Connection- 


)  2004  PC  Connection.  All  rights  reserved.  PC  Connection  is  a  trademark  of  PC  Connection,  Inc.  or  its  subsidiaries.  All  other  trademarks  remain  the  property  of  their  respective  companies. 


www.pcconnection.com 


800.986.271  2 


we  have  your  brand." 


It's  OK  to  show  off  to  your 
friends  that  you  were  in  CIO. 


But  it's  even  better  to 
show  your  customers. 


% 


What  better  way  to  inform  your  key  cus¬ 
tomers  of  your  editorial  coverage  in  CIO 
than  through  customized  Editorial 
Reprints? 

Leverage  the  positive  impact  of 
your  editorial  coverage  by  using 
reprints  for  direct  mail  campaigns,  seminar 
promotions,  employee  communications,  recruiting 


/ 

*  ' 


and  marketing  programs.  Let  us  enhance 
your  reprints  with  your  company's  logo, 
address,  and  sales  message.  Reprints 
make  great  SALES  tools  for  trade  shows, 
mailings  or  media  kits. 

And  while  a  framed  copy  of  your  article 
will  look  neat  on  your  wall,  it  will  look  even 
better  in  the  hands  of  your  customers. 


For  more  information  on  customized  editorial  reprints  in  volume  quantities,  contact  Jackie  Day  at  651-582-3856 

or  visit  our  website  at  cio.com/marketing  and  click  on  reprints. 


Architecture 


services  technical  standards  are  only  begin¬ 
ning  to  scratch  the  surface  in  making  these 
lofty  service-oriented  distributed  collabora¬ 
tion,  process  orchestration  and  monitoring 
goals  a  practical  reality,”  Bass  claims. 

Finally,  there’s  the  cost  issue.  Building  an 
SOA  isn’t  cheap;  reengineering  your  existing 
systems  architecture  is  going  to  cost  some 
serious  money.  It  also  requires  significant 


level  of  service  to  provide.  And  those  serv¬ 
ices  shouldn’t  have  too  fine  a  granularity — 
that  defeats  the  goal  of  services,  which  is  to 
function  at  a  higher,  business-process  level. 
Too  narrow  a  focus  creates  a  need  for  more 
services,  which  increases  development  time. 
And  in  the  worst  case,  too  many  services  can 
flood  a  network.  You  should  also  employ  an 
SOA  where  it  will  do  the  most  good.  Bass 


The  challenge  in  building  an 
SOA  is  to  keep  people- 
including  both  Hand  ( 
business-side  staff— focused 
on  the  architecture  goali 


human  capital,  including  business  analysts  to 
lay  out  the  business  processes,  systems  archi¬ 
tects  to  turn  processes  into  specifications, 
software  engineers  to  develop  the  new  code 
and  project  managers  to  track  it  all. 

ARE  THERE  ANY  GENERALLY 
ACCEPTED  BEST  PRACTICES  FOR 
BUILDING  AN  SOA? 

It  may  sound  obvious,  but  having  a  blueprint 
for  your  SOA  is  critical.  It’s  very  easy  for 
companies,  especially  large  enterprises  with 
disparate  operations,  to  buy  new  technolo¬ 
gies  or  integrate  applications  without  regard 
to  how  they  fit  into  the  overall  plan.  The 
challenge  in  building  an  SOA  is  to  keep 
people — including  both  IT  and  business-side 
staff — focused  on  the  architecture  goals. 

IT  execs  will  also  need  to  identify  the  right 


Learn  More  About  Architecture 


Looking  for  more  EMERGING  TECHNOLOGIES 

to  add  to  your  arsenal?  Check  out  the  online 
Emerging  Technology  Research  Center 
(www.cio.com/research/current)  for  updates 
on  SOA's  cousins— Web  services  and  other 
collaborative  tools. 


notes  that  quality  of  service  needs  to  be 
taken  into  account  when  implementing 
SOAs.  He  says  that  a  loosely  coupled  archi¬ 
tecture  is  good  for  systems  that  don’t  require 
near-real-time  responses.  Pick  systems 
where,  if  information  doesn’t  get  where  it 
needs  to  be  on  time,  the  consequences  are 
minor,  not  catastrophic.  (For  example,  an 
SOA-based  air-traffic  control  system  would 
be  a  bad  idea.) 

SHOULD  YOU  BE  THINKING 
ABOUT  AN  SOA? 

Many  CIOs  are  seriously  considering  SOAs, 
particularly  as  they  experiment  with  Web  serv¬ 
ices.  The  potential  payoffs  are  compelling — 
increased  agility,  faster  and  cheaper  integration, 
the  leveraging  of  existing  IT  assets  and  a  focus 
on  business  processes.  Sure,  building  an  SOA 
requires  a  significant  investment,  and  there  are 
still  plenty  of  questions  around  the  immature 
Web  services  market.  But,  at  a  minimum,  it’s  a 
strategy  worth  watching.  BE] 


E-mail  feedback  to  Senior  Editor  Todd  Datz  at 
tdatz@cio.com. 


Get  Further 
Insight  Into 
Your  Growing 
Business 


Are  you  equipped  to  take  your 
business  to  the  next  step? 


How  do  you  integrate  your  systems 
and  processes  from  end  to  end? 

'# 

How  do  you  know  if  your  systems 
can  keep  up  with  your  company’s 
growth  rate? 

To  address  these  issues,  plus  a 
range  of  business  applications,  CIO 
has  developed  a  Business  Insight 
Center  in  partnership  with  Microsoft 
Business  Solutions. 

This  compilation  of  insights,  tools 
and  information  has  been  specially 
designed  to  provide  the  up-to-date 
information  you  need,  in  order  to 
keep  your  company  ahead  of  the 
curve. 

Visit  the  Business  Insight  Center  at: 


www.cio.com/research/bic 


www.cio.com  •  JANUARY  15,  2004  CIO  85 


The  Resource  for  Information  Executives 


CIO  Perspectives®  Conference 

April  18-20, 2004  La  Costa  Resort  &  Spa  Carlsbad,  California 

Spend  a  few  thought-provoking  and  enlightening  days  with  your  CIO  peers. 

Building  the 

21st  Century 

Organization 

Mastering  the  Politics,  Policies  and  Technologies 


The  high-performance,  technology- 
enabled,  global,  seamless  and  secure 
organization:  that’s  the  goal  of  every  CIO. 

Overthe  past  few  years,  hardware  and  network/tele- 
com  costs  have  lowered  significantly,  and  the  enter¬ 
prise  software  industry  continues  to  mature.  We’ve 
spent  considerable  time  and  money  re-engineering 
and  streamlining  business  processes,  “right-sizing”  our 
staff  and  organizations,  leveraging  our  customer  infor¬ 
mation  and  analyzing  our  vulnerabilities.  But  we’re  still 
not  there.  We  haven’t  won  the  IT  value  argument  with 
management,  and  our  users  continue  to  give  us  low 
marks.  So,  what’s  holding  us  back?  We’ll  examine  the 
roadblocks  that  internal  and  external  politics,  policies 
and  technologies  are  throwing  at  us,  and  learn  what 
actions  we  can  take— individually  and  collectively— to 
overcome  them. 


Powerful  Insights 
Actionable  Ideas 
Great  Networking 


Call  800.366.0246  or  visit 
www.cio.com/conferences 


The  Resource  for 
Information  Executives 


Conference  Moderator 
and  Closing  Keynote: 
W.  Brian  Arthur, 

Citibank  Professor  & 
Member,  Board  of  Trustees, 
Santa  Fe  I nstitute  &  Fellow  of  the 
World  Economic  Forum 


Monday  Opening 
Keynote: 

Thomas  W.  Malone, 

author  of  the  new  book, 

The  Future  of  Work:  How  the 
New  Order  of  Business  Will  Shape 
Your  Organization,  Your  Management  Style 
and  Your  Life,  &  Patrick  J.  McGovern  Profes¬ 
sor  of  Management,  MIT  Sloan  School  of 
Management 


For  More 
Information 

Call  800.366.0246  or  visit 
www.cio.com/conferences. 


To  be  eligible  for  CIO  Perspectives  Conference 
attendance,  you  must  be  a  CIO  or  executive-level 
IT  practitioner  or  a  participating  corporate  sponsor. 


Bring  Your  CSOorCISO 
to  the  concurrently  running 
CSO  Perspectives  Conference 

Our  CSO  (Chief  Security  Officer)  Conference,  How  to 

Take  the  Sting  Out  of  Risk,  is  being  held  at  La  Costa 
during  the  same  time.  If  you  and  your  CSO  or  CISO 
wish  to  attend  the  respective  concurrent  CIO  and 
CSO  events— you’ll  get  a  significant  package  dis¬ 
count. 

Have  your  chief  security  executive  check  out  the  CSO 
conference  information  at  www.csoonline.com,  then 
call  us  at  800.366.0246  for  special  pricing. 


Globalization  touches  all 
^organizations.  What  do  your 
policies  say  about  your  politics? 


The  recent  wave  of  business  scandals 
shows  how  far  many  have  strayed  from 
'ethical  behavior  and  the  concept  of 
moral  courage.  How  do  we  bring  back 
these  values? 


How  can  your  organization’s 
structure  help  ensure  the  safety  of 
your  electronic  and  physical  assets? 


Learning 
from 
a  Crisis 


Reality  Bites 


A  run  of  nasty  viruses  and  a  major 
•j power  blackout  provide  several 
j  lessons  we  can  take  to  heart. 


It’s  an  election  year;  no  candidate  is 
really  talking  about  “IT  issues”— but  a 
new  spate  of  proposed  legislation  will 
impact  the  CIO’s  job. 


Research  findings  and  best  practices 
on  everything  from  finance  to  staffing 
to  marketing/communications. 


j  What  are  the  high  stakes  battles  | 
land  how  will  the  outcome  shape 
products  and  services? 


The  complaints  about  the  overall  lack  of 
quality  of  major  commercial  software 
are  endless.  What  can  and  is  being  done 
to  make  it  better? 


Are  we  stifling  innovative  products  and 
services  because  CIOs  are  afraid  to  buy 
from  small  firms  and  start-ups? 


Many  enterprise  applications  turn  into 
major  disappointments,  if  not  disasters. 
Were  they  over-hyped?  Were  our 
expectations  unrealistic?  What 
separates  winners  from  losers? 


"I  need  an  IP  telephony  provider 
that  delivers  strength  and  experience  in 

both  data  and  voice." 


3Com 


Give  3Com®  a  seat  at  the  table. 


Required  to  deliver  the  near-flawless  uptime  you  expect  from  your  phone  system,  IP  telephony  also  introduces  data 
requirements  unfamiliar  to  your  traditional  telephony  provider.  That's  why  you  want  an  IP  telephony  provider  with 
field-proven  expertise  in  both  data  networking  and  telephony. 

3Com  delivers  field-proven  expertise  in  both  data  networking  and  telephony.  Since  the  introduction  of  its  first 
^  IP  telephony  system,  3Com  has  been  a  leader  in  quality,  reliability  and  value.  Consider  our  experience  with 
BSSm  I  both  data  and  voice. 

•  20  billion  minutes  of  voice  traffic  served  in  telecommunication  provider  networks 

•  3Com  delivered  360,000,000  Ethernet  connections  since  its  founding  in  19.79  t 

•  1 5,000  IP  telephony  systems  installed  N~ 

•  99.999%  documented  uptime  availability  • 

So  if  you're  looking  for  an  affordable  IP  telephony  solution  that  scales  from  5  to  50,000 
users,  don't  settle  for  less  than  the  best.  Give  3Com  a  seat  at  the  table,  and  get  all  the 
experience  and  expertise  you  need. 


O  I  i  i 


Possible  made  practical" 


$5,000.*  Visit  www.3com.com/IPtelephony1. 


•  Sweepstakes  is  open  to  legal  residents  of  die  United  States  (excluding  Puerto  Rico)  and  Canada  (excluding  Quebec).  No  purchase  necessary.  Purchase  will  not  increase  chances  of  winning.  Prize  valued  at  $5,000  (USD).  Odds  of  winning 
depend  on  number  of  entries  received.  Subject  to  Official  Rules.  For  rules  and  entry  details,  go  to  www.3com.com/lPtelephony1.  Ends  5/31/04  Void  where  prohibited.  This  promotion  may  be  altered  or  canceled  at  any  time, 

Copyright  ©  3003  3Com  Corporation  All  rights  reserved  3Com  and  the  3Com  logo  are  registered  trademarks  of  3Com  Corporation  and  Possible  made  practical  is  a  trademark  of  3Com  Corporation.  All  other  company  and  brand  names 
may  be  trademarks  of  their  respective  owners. 


Edited  by 
Christopher 
Lindquist 


■ 


From  Inception  to  Implementation- IT  That  Matters 


PCs  are  getting 
faster  and  fancier. 
And  thin  is  in. 


Dawn  of  a  New  PC 

BY  JOHN  EDWARDS 


PERSONAL  COMPUTING  |  Like  many  an  aging  celebrity  trying  to  stave  off  obscurity,  the 
PC  is  about  to  get  a  face-lift.  With  a  nip  here,  a  tuck  there,  a  speedier  processor,  an  improved 
system  bus,  better  displays  and  seamless  wireless  connectivity,  next-generation  PCs  aim  to  help 
enterprises  make  the  leap  into  IT’s  new  world.  But  will  IT  even  care? 


Heart  Transplant 

To  renew  the  venerable  PC,  vendors  are  starting  at  the  heart  of  the  matter:  the  processor.  Back 
in  1981,  the  original  IBM  PC  featured  an  amazingly  modest — at  least  from  today’s  perspec¬ 
tive — 4.77MHz  CPU.  Twenty-three  years  later,  the  two  leading  PC  processor  makers — Intel  and 
Advanced  Micro  Devices  ( AMD ) — are  relentlessly  pushing  processor  speeds  toward  4GHz  on 
both  desktop  and  laptop  models. 

Yet  raw  speed  isn’t  the  only  processor  attribute  that  separates  the  latest  PCs  from  their  under¬ 
powered  predecessors.  New  chip-oriented  infrastructures,  such  as  Intel’s  Hyper-Threading  and 
the  AMD-promoted  HyperTransport,  promise  to  give  PC  users  added  power  and  convenience 
beyond  a  processor’s  basic  clock  speed. 

Hyper-Threading  brings  virtual  parallel  processing  to  a  single  CPU,  allowing  PCs  to  handle 


www.cio.com  •  JANUARY  15,  2004  CIO  89 


ILLUSTRATIONS  BY  LARRY  GOODE 


multiple  tasks  faster  and  without  interruption. 
“You  have  one  logical  processor  servicing 
whatever  you’re  doing  and  one  in  the  back¬ 
ground  taking  care  of  the  maintenance  tasks, 
such  as  virus  scanning,”  says  William  Siu,  gen¬ 
eral  manager  of  Intel’s  desktop  platforms 
group.  Hyper-Threading  debuted  on  the  Xeon 
processor,  and  Windows  XP  and  some  distri¬ 
butions  of  Linux  both  support  it.  Although 
applications  that  take  direct  advantage  of 
Hyper-Threading  remain  relatively  rare,  Intel 
claims  that  users  running  two  standard  CPU¬ 
intensive  applications  simultaneously  can 
expect  up  to  25  percent  faster  execution. 

AMD’s  HyperTransport,  on  the  other  hand, 
is  a  high-performance  interconnect  that  allows 
a  computer’s  key  components  to  communicate 
with  each  other  at  speeds  of  up  to  50  times 


faster  and  cheaper  plug-in  modules). 

Additionally,  during  the  next  couple  of 
years,  PC  vendors  will  accelerate  their  transi¬ 
tion  from  32-bit  to  64-bit  technology,  respond¬ 
ing  to  enterprise  customers  that  use  powerful 
database  and  multimedia  software  and  serv¬ 
ices.  Already,  64-bit  technology  is  appearing 
on  high-end  desktops  from  Dell,  Hewlett- 
Packard  and  other  vendors. 

Small  and  Smaller 

But  desktops  continue  to  fight  for  a  smaller 
piece  of  the  PC  market.  For  years,  analysts 
have  predicted  that  sophisticated  notebook 
PCs  would  eventually  supplant  desktop  sys¬ 
tems  as  the  dominant  PC  form.  While  that 
moment  probably  won’t  arrive  in  2004,  the 
latest  notebooks  are  certainly  more  powerful 


U.S.  tablet  PC  shipments  are  set  to 
climb  from  260,000  units  in  2003  to 
2.25  million  in  2005. 


faster  than  the  PCI  bus  currently  used  in  most 
PCs.  “It’s  designed  to  increase  the  speed  of 
communication  between  the  integrated  circuits 
in  computers,  telecom  equipment,  networking 
systems  and  so  on,”  says  Deepa  Doraiswamy, 
a  semiconductor  industry  analyst  with  tech¬ 
nology  consultancy  Frost  &  Sullivan.  Accord¬ 
ing  to  the  HyperTransport  Consortium,  more 
than  45  HyperTransport  products  are  already 
available,  including  CPUs,  security  processors, 
core  logic  and  bridge  devices,  IP  cores  and  test 
equipment. 

Other  significant  PC  architecture  improve¬ 
ments  include  PCI  Express  (a  faster  and  sim¬ 
pler  version  of  the  PCI  bus  that  promises  to 
reduce  the  size  and  cost  of  both  plug-in  cards 
and  motherboards),  Serial  ATA  (a  high-speed 
storage  interface  that  cuts  down  on  the  cabling 
within  PCs),  Serial- Attached  SCSI  (a  speed- 
scalable  and  less  power-hungry  version  of  the 
familiar  SCSI  storage  device  interface  that  also 
allows  for  physically  smaller  drives)  and 
ExpressCard  (a  new  PC  expansion  card  stan¬ 
dard,  based  on  PCI  Express,  that  aims  to 
replace  older  PCMCIA  cards  with  smaller, 


and  easier  to  use  than  their  predecessors. 

IBM,  for  example,  has  developed  a  note¬ 
book  that’s  influenced  by  origami,  the  Japanese 
art  of  paper  folding.  When  the  system — based 
on  a  standard  ThinkPad  T40  notebook — 
opens,  the  display  automatically  moves 
upward  several  inches  for  better  viewing.  As 
the  display  rises,  the  keyboard  reflexively 
slides  toward  the  user  and  rests  at  a  typing 
angle  similar  to  a  desktop  keyboard.  “You  can 
unfold  the  system  if  you’re  at  a  bigger  space 
to  get  the  benefits  of  a  desktop  PC,  and  then 
refold  it  back  up  into  the  clamshell  when  you 
don’t  have  the  space,”  says  Howard  Locker, 
chief  architect  of  IBM’s  PC  division.  The  com¬ 
pany  hasn’t  yet  set  a  release  date  for  the  note¬ 
book.  “We’re  testing  this  [system]  right  now  to 
see  if  people  are  willing  to  pay  the  extra  cost,” 
adds  Locker. 

Many  enterprises  are  also  looking  at 
portable  systems  other  than  notebooks. 
Tablet  PCs  may  be  an  alternative  for  many 
users,  particularly  those  who  need  to  work 
with  large  amounts  of  text  or  numeric  data 
away  from  their  desks.  Tablets,  which  are 


Fuel’s  Gold? 

As  a  PC  power  source,  fuel  cells 
may  lack  energy 

Although  PC  vendors  are  eager  to  breathe 
new  life  into  their  aging  systems,  at  least  one 
highly  anticipated  technology  may  not  hit 
the  mainstream  as  soon  as  hoped. 

Micro  fuel  cell  technology  has  been 
aggressively  touted  as  a  convenient  and  eas¬ 
ily  renewable  power  source.  Fuel  cells  gener¬ 
ate  electricity  through  a  chemical  reaction 
between  oxygen  and  a  fuel  such  as  hydrogen 
or  methanol,  and  they  can  power  a  notebook 
for  up  to  40  hours.  Yet  it's  unlikely  that  large 
numbers  of  users  will  be  “filling  up”  notebook 
PCs,  PDAs  and  other  mobile  devices  any¬ 
time  soon.  Adoption  roadblocks  include  fuel 
cell  size,  the  lack  of  a  universal  standard, 
customer  education  issues,  and  safety  and 
security  concerns  as  users  would  be  bringing 
devices  containing  volatile  fluids  into  build¬ 
ings  and  onto  airplanes  and  other  vehicles. 

All  of  these  drawbacks  have  made  many 
notebook  vendors  skeptical  about  fuel  cell 
technology.  “Fuel  cells  are  not  likely  to  be  rel¬ 
evant  for  mainstream  notebooks  for  several 
years,"  says  Jay  Parker,  notebook  products 
manager  for  Dell.  Fie  believes  it  will  be  hard 
to  change  notebook  users'  ingrained  habits. 
"Customers  will  need  to  become  acclimated 
to  refueling  rather  than  recharging,"  he  says. 
Plowever,  Dell  is  continuing  to  evaluate  vari¬ 
ous  fuel  cell  technologies,  notes  Parker. 

Ploward  Locker,  chief  architect  of  IBM’s 
PC  division,  says  fuel  cells  will  never 
become  popular  because  users  will  have  to 
pay  for  each  refill.  "Today,  when  you  charge  a 
battery,  it's  free,"  he  says.  "Folks  are  already 
at  nine  hours  on  a  battery,  so  how  much  bet¬ 
ter  does  it  need  to  get?"  Locker’s  opinion  of 
fuel  cell  technology:  "It’s  a  nonstarter." 

Yet  two  notebook  makers  are  undeterred 
and  plan  to  push  ahead  with  fuel  cell  tech¬ 
nology.  NEC  has  announced  it  will  start  sell¬ 
ing  fuel  cell-equipped  notebooks  by  the  end 
of  2004,  and  Toshiba  says  it  will  follow  the 
same  path  in  2005. 

-J.E. 


90  CIO  JANUARY  15,  2004  •  www.cio.com 


cudc^' 

Strength  in  Numbers. 


8  weeks  to  complete 
out-of-box  Remedy 
implementation  at 

London  Borough  of  Sutton 


TELSK  saves 


hours  each  month 
using  Remedy 


Sharp  Healthcare 

—  meets 


56  disparate 
help  desk  operations 
consolidated  down 
to  i  on  Remedy 
at  Sainsbury’s 


of  their  service 
level  agreements 
using  Remedy 


sit-up,  Ltd.  processes 


trouble  tickets 
supported  by  Remedy  per  month 

at  Countrywide  Financial" 


customer  transactions 
per  week  using 
Remedy 


Remedy  is  number  one  in  Service  Management.  That  number  speaks  for  itself. 

However,  there  are  other  numbers  important  to  Remedy  customers.  Operating  cost  reductions, 
improvements  in  customer  satisfaction,  increased  employee  productivity,  shorter  time  to  value — the 
bottom-line  numbers  you  will  achieve  by  using  Remedy’s  out-of-the-box  best  practice  applications 
to  automate  service  management  processes. 

Your  success  depends  on  those  numbers.  Remedy  delivers  them. 


www.remedy.com/success 

or  call  us  at  1.888.294.5757 


88  Remedy 

a  BMC  Software  company  " 


IT  SERVICE  MANAGEMENT  CUSTOMER  SERVICE  AND  SUPPORT 


CUSTOM  SOLUTIONS 


designed  to  mimic  the  dimensions  of  a  large 
paper  notebook,  include  an  operating  system 
that  lets  users  jot  down  information  with  a 
stylus.  Mike  Stinson,  vice  president  of  mobile 
products  for  Gateway,  predicts  that  pen- 
based  input  will  be  a  requirement  of  most 
portable  system  users  by  2005.  “It’s  just  an 
easier  way  to  take  notes,”  he  observes.  U.S. 
tablet  PC  shipments  are  set  to  climb  from 
260,000  units  in  2003  to  2.25  million  in 
2005,  according  to  statistics  compiled  by  IDC 
(a  sister  company  to  CIO's  publisher).  State- 
of-the-art  PDAs  are  also  gaining  traction  in 
many  enterprises,  thanks  to  their  low  cost, 
small  size,  wireless  connectivity  and  miserly 
power  consumption. 

A  New  Look 

As  the  design  of  PCs  changes,  an  emerging 
display  technology  is  poised  to  provide  bet¬ 
ter  viewing.  Organic  light  emitting  diodes 
(OLEDs)  promise  to  revolutionize  both  desk¬ 
top  and  mobile  systems  by  offering  ultrathin, 
bright  and  colorful  displays  without  the  need 
for  space-hogging  and  power-consuming 
backlighting. 

OLEDs  are  already  popping  up  on  a  few 
mobile  devices.  Eastman  Kodak,  for  example, 
has  released  a  digital  camera,  the  EasyShare 


a  few  inches  in  diameter  at  a  price  point  that’s 
even  remotely  competitive  with  liquid  crystal 
display  technology.  “We’re  still  a  long  way  off 
from  OLED  in  a  laptop,”  says  Sam  Bhavnani, 
a  senior  mobile  computing  analyst  at  com¬ 
petitive  analysis  company  ARS.  “You  might 
start  to  see  10-inch  or  maybe  a  12-inch 
[screen]  in  the  beginning  of  2005,  at  best.” 

Widely  Wireless 

But  while  OLED  is  a  ways  out,  wireless  is  here 
now.  Wireless  hot  spots  are  springing  up  every¬ 
where  from  corporate  offices  to  McDonald’s 
restaurants,  and  PC  vendors  are  beginning  to 
incorporate  the  technology  into  their  systems. 
Just  as  LAN  ports  became  a  standard  item  on 
most  office  desktops  several  years  ago,  wireless 
support  is  becoming  so  ingrained  that  it’s  even 
trickling  down  to  the  processor  level.  Intel’s 
new  mobile-oriented  Centrino  processor,  for 
example,  supplies  built-in  wireless  support. 

Beyond  8 02 .  lib,  additional  8 02 . 1 1 x  stan¬ 
dards  promise  to  make  wireless  communi¬ 
cations  faster  and  more  efficient.  Already 
available,  802.1  la  supports  data  rates  of  up  to 
54Mbps.  Widespread  adoption,  however, 
has  been  hampered  by  incompatibility  with 
802.11b  technology  (the  standards  use  dif¬ 
ferent  frequency  ranges).  Bridging  the  gap  is 


Some  experts  believe  that  no 
combination  of  faster  speeds  and 
flashy  features  will  keep  PCs  from 
experiencing  a  downward  trend. 


LS633,  that  features  an  OLED  preview  screen. 
Future  OLED  panels  could  find  homes  on 
products  ranging  from  desktop  and  notebook 
PCs  to  PDAs  to  smart  phones  and  a  wide  array 
of  office  and  consumer  appliances.  In  fact,  the 
displays  are  thin  and  light  enough  to  be  plas¬ 
tered  onto  a  wall  like  wallpaper  or  even  sewn 
into  clothing. 

Still,  despite  recent  technical  advances, 
OLEDs  won’t  reach  PC  users  in  meaningful 
numbers  this  year.  That’s  because  researchers 
have  yet  to  develop  screens  that  are  larger  than 


802. llg,  which  provides  802.1  la-level  data 
rates  along  with  full  802. 1 1  b  backward  com¬ 
patibility.  The  first  802.1  lg  products  started 
appearing  in  2003,  and  the  market  is  expected 
to  expand  dramatically  in  2004. 

Within  the  next  year  or  two,  support  will 
likely  begin  appearing  for  802.1  If,  which 
provides  interoperability  between  access 
points  manufactured  by  various  vendors, 
enabling  portable  device  users  to  roam  seam¬ 
lessly  between  networks.  And  the  alphabet 
soup  doesn’t  stop  there.  An  array  of  addi- 


Happy  Days 
Redux? 

PC  shipments 
are  expected 
to  grow 


to  163  million 
units  worldwide 
in  2004. 

SOURCE:  IDC 


tional  802.1  lx  standards,  covering  every¬ 
thing  from  quality  of  service  (802.1  le)  to 
security  (802.1  li)  to  network  performance 
and  management  ( 802. 1  lk),  are  also  expected 
to  enter  the  mainstream  during  the  next  three 
years. 

Is  Thin  In? 

But  some  experts  believe  that  no  combination 
of  faster  speeds  and  flashy  features  will  keep 
PCs  from  experiencing  a  downward  trend.  A 
growing  number  of  enterprises  are  looking 
closely  at  thin-client  devices,  says  Martin 
Reynolds,  a  Gartner  fellow  and  company  vice 
president.  Thin  clients,  which  link  to  a  central 
server  and  have  no  internal  disk  storage,  hold 
the  promise  of  lower  cost,  better  management 
and  enhanced  security.  “The  market  is  more 
ready  for  them  now,”  adds  Reynolds. 

Although  the  thin-client  model  has  existed 
for  many  years,  Reynolds  believes  that  in  a 
chaotic  world  of  viruses,  hackers  and  seem¬ 
ingly  endless  “critical  updates,”  it  makes 
more  sense  than  ever  to  manage  systems  at 
the  server  level  rather  than  on  individual 
desktops. 

And  the  migration  from  PCs  may  only 
accelerate  as  we  move  from  desktop-based  to 


92  CIO  JANUARY  15,  2004  •  www.cio.com 


K\  McAfee 

SECURITY 


i  want  to  Stop  thinking  about  the  threats  that  could  fill  my  network, 


and  Start  thinking  about  the  people  that  could  fill  this  space. 


Start  growing  your  business  securely  with  Intrusion  Prevention  Solutions  from  McAfee  Security. 


With  a  powerful  combination  of  McAfee  -  System  Protection  and  Network  Protection  Solutions,  McAfee  Security  does  more 
than  merely  detect  known  and  unknown  threats — it  actually  prevents  them.  From  the  desktop,  to  the  network,  to  the  server, 
the  McAfee'  Protection-in-Depth'"  strategy  and  our  proven  Intrusion  Prevention  technologies  provide  complete  protection  for 
the  enterprise.  So  you  can  spend  less  time  thinking  about  security  issues  and  more  time  thinking  about  growth  issues.  Learn 
more  today  at  start.mcafeesecurity.com 


Because  security  is  not  just  about  what  you  can  stop. 


Network  Associates,  McAfeo,  and  Protection-in-Depth  are  registered  trademarks  or  trademarks  ol  Network  Associates,  Inc  and/ot  its  allilintes  in  the  US  and/oi  other  eonnhies 
All  other  registered  and  unregistered  trademarks  herein  are  the  sole  property  ol  their  respective  owners,  Co  2003  Networks  Associates  technology,  Inc.  All  Rights  Resetvod 


Network  Associates 


ESSENTIAL 

r\  / 

n 

p 

i\  /i 

[\ 

llttSIBMVMil 

U 

tv 

U 

V 

N 

Security  Supergroup 

Carnegie  Mellon’s  Cylab  combines  experts  into  an  information 
security  powerhouse 


device-based  computing — an  environment 
in  which  “technology  is  embedded  in  just 
about  everything,”  says  Chris  Shipley,  exec¬ 
utive  producer  of  The  Demo  Conferences 
for  IDG  Executive  Forums  (a  sister  com¬ 
pany  to  CIO's  publisher),  which  showcases 
budding  technologies.  Shipley  notes  that 
networks  will  soon  be  “smart  enough  to 
know  who  you  are  and  what  sort  of  device 
you’re  connecting  from — then  they’ll  just 
scale  the  information  appropriately  for  the 
device  you’re  using.” 

Up  the  Grade 

The  new  PC  is  indeed  faster,  smarter  sleeker 
and  cheaper,  and  generally  better  than  its 
predecessors.  But  will  a  new  generation  of 
more  capable  PCs  finally  inspire  enterprises 
to  ditch  the  20th  century  relics  that  sit  stub¬ 
bornly  on  millions  of  worker  desks?  It 
depends.  For  most  organizations  it  boils 
down  to  money — or  a  lack  thereof.  “CIOs 
do  not  need  much  convincing  at  this  point; 
it’s  the  overall  funds  that  are  in  short  sup¬ 
ply,”  says  Toni  Duboise,  desktop  PC  indus¬ 
try  analyst  at  ARS. 

With  money  tight,  Demo’s  Shipley  doubts 
that  many  enterprises  will  be  swayed  to  buy 
replacement  hardware  solely  on  the  basis  of 
new  or  improved  capabilities.  “PC  and  lap¬ 
top  hardware  will  be  replaced  as  needed, 
as  the  hardware  itself  fails  or  becomes 
obsolete,”  she  notes.  “There  is  little  on  the 
horizon  that  suggests  the  acceleration  of  the 
end  of  life  of  today’s  computer  hardware.” 

Still,  many  observers  believe  that  as 
security  and  maintenance  costs  on  older 
machines  continue  to  soar,  enterprises  will 
eventually  have  no  choice  but  to  invest  in 
new  hardware.  “Security  and  standardi¬ 
zation  of  the  installed  base  are  key  driv¬ 
ers,”  observes  Gartner’s  Reynolds.  “Older 
machines  take  a  lot  of  work  to  look  after.  ” 
Which  goes  to  prove  that,  despite  eco¬ 
nomic  downturns  and  squeezed  budgets, 
you  can’t  cheat  time — or  avoid  the  dawn 
of  a  new  era. 


John  Edwards  is  a  freelance  writer  based  in 
Gilbert,  Ariz.  He  can  be  reached  via  e-mail  at 
john@john-edwards.com. 


SECURITY  |  Carnegie  Mellon  University 
has  earned  a  reputation  as  one  of  the  pri¬ 
mary  centers  in  the  world  for  information 
security  research.  Now  the  university  has 
created  CyLab,  a  cooperative  effort  between 
the  school’s  CERT  Coordination  Center  and 
several  Carnegie  Mellon  schools,  including 
the  College  of  Engineering,  the  School  of 
Computer  Science,  and  the  School  of  Public 
Policy  and  Management.  “We  wanted  this  to 
be  a  universitywide  strategy  and  put  our 
stake  in  the  ground  saying,  ‘Cybersecurity  is 
where  we're  going  to  make  a  difference,’” 
says  Pradeep  Khosla,  codirector  of  CyLab 
and  head  of  Carnegie  Mellon’s  Electrical 
and  Computer  Engineering  Department. 

The  new  group  consists  of  more  than  50 
researchers  and  80  students  from  a  variety 
of  disciplines,  all  creating  new  information 
security  technologies  and  practices. 
Carnegie  Mellon’s  Information  Networking 
Institute  (which  Khosla  also  heads)  will 
function  as  CyLab’s  education  arm,  provid¬ 
ing  opportunities  for  students  to  focus  on 


cutting-edge  information  security. 

CyLab  funding  will  come  through  a 
combination  of  public  and  private  money. 
Congress  recently  granted  the  organization 
$6  million  for  security  research.  In  return, 
the  U.S.  government  will  receive  rights  to 
use  Cylab  research  for  national  security 
efforts.  Private  companies  can  also  get 
involved,  ranging  from  basic  memberships 
that  start  at  $25,000  per  year  to  "founding 
corporate  partners”  contributing  millions. 
Donors  at  the  lower  levels  reserve  the  right 
to  use  CyLab  technologies  internally.  Found¬ 
ing  partners,  meanwhile,  will  be  able  to  com¬ 
mercialize  CyLab  research.  (No  founding 
partners  have  yet  signed  on,  but  Khosla  says 
several  negotiations  are  underway.) 

Khosla  declines  to  provide  a  timetable  for 
when  CyLab  research  could  be  commercial¬ 
ized,  but  he  notes  that  the  group  is  staffed 
and  already  making  progress.  As  a  result, 
technologies  could  move  out  of  the  univer¬ 
sity  in  as  little  as  a  year. 

-Christopher  Lindquist 


94  CIO  JANUARY  15,  2004  •  www.clo.com 


THE  AVERAGE  PERSON  WILL 
SPEND  5,880  MINUTES  A  YEAR 
ON  OUR  CELL  PHONE,  LEAVING 
51 9,720  TO  SAVE  THE  UNIVERSE 


When  people  want  to  get  the  most  out  of  mobile  entertainment,  they  turn  to  the  first  company  to  successfully 
launch  3G  mobile  and  the  number  one  brand  in  Japan,  the  world's  most  advanced  market.  NEC's  new  cell 
phone  with  digital  camera,  advanced  gaming  entertainment  functions  and  business  networking  demonstrates 
the  possibilities  of  the  next  generation  of  mobile  technology.  And  is  another  example  of  NEC  combining  its 
networking  and  software  expertise  to  empower  people  through  innovation,  www.necus.com  800-338-9549 

IT  SERVICES  AND  SOFTWARE  ENTERPRISE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS  IMAGING  AND  DISPLAYS 


©NEC  Corporation  2003.  NEC  and  NEC  logo  are  Registered  Trademarks  of  NEC  Corporation. 
Empowered  by  Innovation  is  a  Trademark  of  NEC  Corporation.  Image  simulated;  not  in  actual  game. 


Empowered  by  Innovation 


ESSENTIAL 


IIWKItMMIen 


The  Real  Meaning 
of  Longhorn 

BY  ERIC  KNORR 

Microsoft’s  next  version  of  Windows  promotes 
the  evolution  of  client/server 


NEW  WINDOWS  |  Glance  at  the  surface 
of  Longhorn,  and  it  seems  like  a  reinvention  of 
fatware.  The  flashiest  part,  the  Avalon  graph¬ 
ics  subsystem,  is  such  a  hog  that  Microsoft 
admits  you’ll  need  a  hardware  upgrade  to  get 
the  full  effect  of  its  rich  new  3-D  GUI  that  will 
supposedly  knock  you  out  of  your  chair. 

But  Avalon’s  pizzazz  starts  to  seem  like  a 
diversion  when  you  pop  the  hood  on  Long¬ 
horn  and  peer  inside.  There’s  so  much  Internet 
and  messaging  code  in  there,  I’m  convinced 
that  Microsoft  has  laid  the  foundation  to  end 
the  distinction  between  client  and  server. 

WS-Everything 

Consider  the  three  new  technology  pillars  that 
underlie  Longhorn:  Avalon,  the  WinFS  stor¬ 
age  system  and  Indigo.  The  most  interesting  is 
Indigo,  a  big  stack  of  draft  Web  services  pro¬ 
tocols  (such  as  WS-Security,  WS-Federation, 
WS-ReliableMessaging,  WS-Coordination 
and  more)  introduced  by  Microsoft  and  var¬ 
ious  partners  that  together  will  function  as  a 
kind  of  pure,  Web  services-based  middleware 
with  peer-to-peer  functionality  as  well  as  con¬ 
nections  to  desktop  apps. 

In  other  words,  all  Longhorn  applications 
can  be  Internet  applications  integrated  into  the 
rest  of  the  enterprise  because  the  connective 
tissue  is  woven  into  the  platform.  Flip  a  switch, 
and  a  desktop  spreadsheet,  for  instance,  could 
become  a  Web  services  application.  The  vex¬ 
ing  problem  that  has  dogged  the  PC  since 

96  CIO  JANUARY  15,  2004  •  www.cio.com 


birth — too  much  data  locked  in  desktops — is 
on  the  verge  of  being  solved,  because  every 
desktop  will  also  be  a  server. 

A  key  element  in  desktops  becoming  good 
enterprise  citizens  is  WinFS,  which  will  stipu¬ 
late  an  XML-based  storage  system  for  desk¬ 
top  data.  (Contrary  to  rumor,  WinFS  doesn’t 
replace  NTFS;  it  runs  on  top  of  it.)  This  com¬ 
mon  XML  denominator  will  make  desktop 
content  easier  to  expose  and  consume. 

WinFS  will  also  help  desktop  applications 
communicate  with  each  other.  For  example, 
why  shouldn’t  meta-data  from  your  e-mail 
client — whom  you  e-mail  most  often,  the 
folders  you  browse  frequently — be  used  to 
rank  desktop  search  results?  Mail  clients  built 
on  WinFS  and  its  open  XML  interfaces  raise 
that  possibility. 

XML  at  the  Core 

Are  we  starting  to  see  a  pattern  here?  XML  is 
Longhorn’s  middle  name.  In  the  end,  XML 
drives  even  Avalon.  Along  with  enabling  fancy 
3-D  tricks,  Avalon  comes  with  a  new  way  to 
describe  GUIs:  XML  application  markup  lan¬ 
guage  (XAML — not  to  be  confused  with  the 
old  B2B  play  by  IBM,  Oracle  and  others 
known  as  the  Transaction  Authority  Markup 
Language).  Microsoft  claims  it  learned  from 
the  simplicity  of  Web  development  and  says 
that  coding  GUIs  for  Longhorn  apps  will  be 
much  easier  than  in  earlier  Windows  versions. 
XAML  also  lets  designers  create  GUIs  using 


The  problem 
of  too  much 
data  locked  in 
desktops  is 
close  to  being 
solved  as  every 
desktop  will  also 
be  a  server 

-Eric  Knorr 

tools  they  already  know.  For  example,  Adobe 
has  demoed  an  alpha  version  of  its  After  Effects 
app  that  spits  out  XAML  code. 

If  Longhorn  succeeds,  XAML  smart  clients 
could  eventually  replace  the  HTML  Web 
apps  that  now  rule  enterprise  computing  by 
default.  Microsoft  has  long  argued  that 
browser-based  apps  are  a  step  backward  and 
should  be  replaced  by  smart,  Internet-aware 
client  applications  that  exploit  all  that  excess 
processing  power  at  the  edge  of  the  network 
(that  is,  desktop  computers  running  Win¬ 
dows,  of  course).  With  a  new  technology 
called  ClickOnce,  users  can  download  and 
install  a  “  smart  client”  on  the  desktop,  which 
then  updates  itself  automatically  as  needed. 
Amazon  has  already  previewed  a  smart  3-D 
shopping  client  that  shows  off  this  capability. 

So  we’ve  come  full  circle.  The  desktop  is 
king  again,  according  to  Microsoft — except 
that  XML  is  making  the  physical  location  of 
desktop  applications  less  and  less  important. 
With  Avalon,  WinFS  and  Indigo  connecting 
Windows  to  everything,  will  it  matter  where 
applications  live? 


Eric  Knorr  is  executive  editor  at  large  for  Info- 
World  magazine.  He  can  be  reached  via  e-mail  at 
eknorr@pacbell.net. 


PHOTO  BY  EDWARD  CALDWELL 


It  takes  more  than  offshore  operations 


*r:v*-* 


’’r  -> 


It’s  easy  to  send  your  applications  offshore. 
It’s  harder  to  get  something  back. 


to  deliver  the  rewards  of  offshore  outsourcing. 

Keane’s  proven  delivery  model  consistently  improves  quality  while 
managing  risk  -  ensuring  the  cost  advantages  that  led  you  offshore  in  the 
first  place. The  proof:  over  20  years  of  successful  offshore  delivery. 

Learn  how  to  structure  your  application  outsourcing  initiative  for  success. 

Download  Keane’s  Offshore  Outsourcing  Checklist  at  www.keane.com/offshore/check 


KEANE 


KEANE 


Sales  and  Services 

CIO  SALES  OFFICES 

President  Walter  Manninen 
Publisher  Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

East  Coast 

Senior  Vice  President,  Sales  and  Integrated 
Solutions/East 

Joan  Kelly  •  508  935-4586 

Regional  Sales  Director 

Kathy  Powers  •  201 634-2331 
Regional  Sales  Manager 
Ellie  Schwab  *201 634-2332 
Account  Executive 
Joan  Bonadeo  •  201 634-2328 
Advertising  Sales  Associates 
Rhonda  Goodman  •  201 634-2329 
Sharon  Patrick  •  201 634-2333 
Fax  •  201 634-9513 

New  England 

Senior  Vice  President,  Sales  and  Integrated 
Solutions/East 

Joan  Kelly  -508  935-4586 
Account  Executive 

Dawn  Cora  •  508  935-4092 
Fax  •  508  879-6063 


South  Central 

Regional  Director/ Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801 
Account  Executive 
Brenda  Garza  •  512  306-9801 
Fax  •  512  306-9805 

North  Central 

Senior  District  Sales  Manager 

Beth  DeVillez  •  847  441-3140 
Advertising  Sales  Associate 

Kim  Giovanni  •  847  441-5005 
Fax  *847  441-5150 

West  Coast 

VP  Sales/West 

Cheri  Parr  •  415  975-2685 
Senior  Regional  Sales  Managers 
Ai  Collins  *415  975-2686 
Jane  Evans  •  415  975-2680 
Account  Executive 
Derek  Jung  •  415  975-2683 
Fax  •  415  543-2358 

Southern  California 

Senior  Account  Executive 

Isaac  Ugay  •  949  475-5579 
Fax  •  949  475-5583 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 


List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

ONLINE  SERVICES 

VP/Online  Sales 

Lisa  Brown  •  508  935-4470 
Online  Sales  Manager 

Michael  McPhee  •  508  935-4611 

CUSTOM  PUBLISHING 

Group  Director  •  Michael  Siggins 
Director  •  Mary  Gregory 
Director  of  Content  Development  *  Tom  Field 
Project  Managers  •  John  Danielowich, 

Amy  Greenieaf 

Graphic  Designer  *  Christopher  Brown 

REPRINT  SERVICES 

For  article  reprints  (500  quantity  or  more), 
please  contact  Jackie  Day  at  RSiCopyright 
(651582-3856)  or  via  e-mail  at 
cioreprints@rsicopyright.com. 

CIO  IS  PUBLISHED  IN  THE 
UNITED  STATES  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on.ca/cio 
China,  CEO  &  CIO  China  www.ceocio.com.cn 
France,  CIO  France  www.idg.fr/cio 
Germany,  CIO  Germany  www.c/'o.de 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
The  Netherlands,  CIO  Netherlands 
www.cio.nl 


Index  of  Companies  and  Advertisers 

Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a 
substantial  mention.  This  index  is  provided  as  a  service  to  readers.  The  publisher 
does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 


1-800-Got-Junk  LLC . 24 

Acxiom  Corp . 60 

Adobe  Systems  Inc . 89 

Advanced  Micro  Devices  Inc.  .  89 

Amazon.com  Inc . 89 

ARS  Inc . 89 

AXA  Financial  Inc . 78 

BAE  Systems . 68 

Boeing . 68 

Candle  Corp . 78 

Dell  Inc . 89 

Eastman  Kodak  Co . 89 

Entrust  Inc . 60 

Forrester  Research  Inc . 24 

Forsythe  Solutions  Group  Inc.  54 

Frost  &  Sullivan  Ltd . 89 

Gartner  Inc . 78,  89 

Gateway  Inc . 89 

General  Dynamics  Corp . 68 

Herrick  Feinstein  LLP . 54 

Plewlett-Packard  Co . 89 

IBM  Corp .  68,  78,  89 

IDG  Executive  Forums . 89 

Institute  for  Supply 
Management  . 24 


9  8  CIO  JANUARY  15, 


Intel  Inc . 89 

Internationa!  Data  Corp . 89 

Krystal  Co.,  The . 54 

Lockheed  Martin  Corp . 68 

Luxoft . 68 

Meetup  Inc . 24 

Microsoft  Corp . 89 

NEC  Corp . 89 

Northrop  Grumman  Corp.  68,  78 

Oracle  Corp . 78,  89 

PoliticsOnline  Inc . 24 

PricewaterhouseCoopers  ....  54 

Raytheon  Co . 68 

Rolls-Royce  PLC . 68 

SAP  AG  . 78 

Shaw  Pittman  LLP . 68 

Siebel  Systems  Inc . 78 

Silk  Road  Group  Ltd,  The  ....  78 

Sonic  Software  Corp . 78 

Stephens  Inc . 60 

Tata  Consultancy  Services  ...  68 

Testa,  Plurwitz  &  Thibeault 
LLP . 54 

Time  Domain  Corp . 60 

Toshiba  Corp . 89 

Tower  Group  Inc.,  The  . 24 


2004  • 


Vastera  Inc . 68 

WaveCrest  Laboratories  LLC  .  60 

Wipro  LTD  . . 68 

Yankee  Group,  The  . . . 78 

ZapThink  LLC . 78 

ADVERTISER  INDEX 

3Com  Corp . 88 

AT&T  Wireless  . 25 

Avaya  . 10 

Berbee  Information  Networks 
Corp . 13 

Blazent  . . 35 

BMC  Software . 16 

Broadcom  Corp . 41 

Business  Objects  Inc . 7 

Cognos  Inc . 9 

Computer  Associates 
Inti.  Inc . C4,  5 

Compuware  Corp . 47 

CXO  Media  Inc.  .  .  50,  65,  84,  86 

Data  Return  . 73 

Dell  Computer  Corp . 20,  21 

EMC2 . 64a 

Fujitsu  . 22 

Fujitsu  PC  Corp . 45 


IBM  Corp . 2 

Keane  Inc.  . 97 

Kyocera  Mita  Corp . 15 

Lanier  Worldwide  Inc . C3 

Microsoft  Corp . C2,  36,  52 

Microsoft  Office  Live  Meeting  .  71 

MRO  Software  . 49 

NEC  Solutions  Inc . 95 

Network  Associates  Inc . 93 

NextiraOne  . 81 

Nokia . 39 

PC  Connection . 83 

PeopleSoft  Inc . 27 

Polycom  Inc . 19 

Quantum  DLTtape  . 77 

Remedy,  a  BMC  Software 
company . 91 

Resources  Connection  . 31 

Savin  Corp . 29 

Sky  Tel  Corp . 33 

Sprint . 43 

United  Way  . 99 


New  Zealand,  CIO  New  Zealand  www.idg.co.nz 
Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland  www.cxo.pl 
Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 

South  Korea,  CIO  Korea  www.cio.seoul.kr 
Sweden,  CIO  Sweden  www.cio.idg.se 

For  further  sales  information,  visit 
www.cio.com/marketing/salesoffices.html. 


CIO  Contact 
Information 

Editorial,  Advertising  and  Business 
Offices:  492  Old  Connecticut  Path, 
P.O.  Box  9208,  Framingham,  MA 
01701-9208,  508  872-0080. 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined  issue 
December  15/January  1  by  CXO  Media 
Inc.,  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701- 
9208.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2004  by 
CXO  Media  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing 
in  CIO  is  forbidden  without  written 
permission.  Send  all  requests  to 
Permissions  Department,  CIO,  492 
Old  Connecticut  Path,  P.O.  Box  9208, 
Framingham,  MA  01701-9208. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  or  the  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol:  $. 

Subscriptions:  CIO  is  free  to  qualified 
information  executives.  To  apply,  use 
our  online  subscription  form  at 
www.subschbe.cio.com.  Subscrip¬ 
tions  are  also  available  on  a  paid 
basis  at  a  rate  of  $95  for  the  United 
States  and  Canada,  $195  for  interna¬ 
tional  (payable  in  U.S.  funds  only) 
and  may  be  ordered  online  at 
www.subscribe.cio.com/services.html 
or  by  sending  an  inquiry  to  CIO,  P.O, 
Box  489,  Northbrook,  IL  60065- 
0489.  Please  allow  four  to  six  weeks 
for  a  new  subscription  to  begin.  The 
single  copy  price  is  $9  for  the  United 
States  and  Canada,  and  $15  interna¬ 
tional.  Prepayment  is  required, 
payable  in  U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio  and 
follow  the  online  instructions. 

Postmaster:  Send  change  of  address 
to  CIO,  P.O.  Box  489,  Northbrook,  IL 
60065-9816.  Printed  in  the  U.S.A. 


www.cio.com 


When  there  are  no  words, 

there  is  action. 


The  atrocities  committed  in  New  York,  Washington,  D.C.  and  Pennsylvania  have 
left  us  all  speechless  and  searching  our  souls.  Mothers  and  fathers,  friends  and  loved 
ones,  are  lost  under  mountains  of  concrete,  steel,  and  hatred.  As  the  dust  settles 
and  the  tears  flow,  United  Way  is  there,  lending  a  helping  hand  with  compassion 
in  action.  But  the  commitment  doesn’t  end  there.  Across  America,  1400  local 
United  Ways  are  helping  families  and  children  cope,  providing  counseling,  and 
promoting  tolerance  and  anti-violence  in  our  communities.  Please  join  the  cause. 

To  find  out  how  you  can  help  your  community  heal,  log  on  unitedway.org. 

Unibed  W^y 

The  Way  America  Cares. 
Community  by  Community.™ 


EXECUTIVE 


January  15,  2004 


COVER  STORY 
The  Next  President’s 
IT  Agenda 

By  Ben  Worthen  I  54 


Technology  is  on  the  agenda  this 

election,  although  it’s  embedded  in 
other,  overarching  issues.  We’ve 
identified  five  of  the  most  important  IT 
policy  issues,  how  the  next  administration 
could  shape  them,  and  what  hangs  in  the 
balance  of  the  2004  election.  1.  Critical 
infrastructure:  Should  the  government  play 
a  hands-on  role  by  setting  cybersecurity 
standards?  2.  Jobs:  The  next  president  will 
have  to  decide  whether  to  curb  offshore 
outsourcing.  3.  Privacy:  The  public  expects 
privacy  laws  to  evolve — are  more  aggres¬ 
sive  measures  necessary?  4.  Regulation: 
How  strict  should  enforcement  be  of  current 
corporate  governance  regulations?  5.  IT 
development:  How  will  the  next  president’s 
policies  influence  the  future  of  open-source 
technology  and  how  R&D  projects  influ¬ 
ence  the  IT  sector. 


“Look  at  how  much  trouble 
the  courts  have  trying  to 
deal  with  the  complexity 
of  software  and  IT  issues 
that  land  before  them. 
Imagine  politicians  and 
bureaucrats  trying  to 
codify  how  technology 
that  they  barely  grasp  is 
required  to  work.” 

-DAVID  REID,  CIO,  KRYSTAL  CO. 


Where  the  Candidates  Stand  By  cio  staff  I  60 

WHERE  DO  THE  NINE  DEMOCRATS  AND  ONE  REPUBLICAN  vying  to  be  the  next 

president  stand  on  such  IT-centric  issues  as  critical  infrastructure  security  and  corporate  governance? 
We  asked  each.  Joseph  Lieberman  was  the  only  candidate  to  provide  a  full  response,  but  we  were 
able  to  dig  up  enough  history  on  each  to  analyze  their  stances.  Howard  Dean,  for  example,  doesn’t 
mention  high-tech  jobs  in  speeches,  but  he  does  say  he  would  find  ways  that  U.S.  companies  could 
meet  their  needs  for  workers  at  all  skill  levels  without  pitting  foreigners  against  Americans.  As  gover¬ 
nor,  Dean  requested  that  the  Vermont  Technology  Council  produce  the  state’s  first  science  and 
technology  education  plan,  which  it  did  in  1994.  Lieberman  supports  making  the  R&D  tax  credit 
permanent.  He  would  also  increase  spending  on  long-term  R&D,  in  part  by  doubling  the  National 
Science  Foundation  budget. 


Safeguarding  Data  in  a  Dangerous  World  By  Stephanie  Overby  I  68 

CIOS  IN  THE  MILITARY-INDUSTRIAL  COMPLEX  must  figure  out  how  to  protect  their 
sensitive  information  while  enabling  the  offshore  outsourcing  necessary  to  compete  in  today’s  busi¬ 
ness  environment.  Due  to  terrorism,  federal  enforcement  has  been  getting  tougher,  and  CIOs  are  ulti¬ 
mately  responsible  for  making  sure  that  certain  data  cannot  be  accessed  by  foreign  contractors  and 
that  the  arrangements  for  systems  access  are  fail-safe.  At  Raytheon  Aircraft,  CIO  Doug  Debrecht  is 
setting  up  a  plan  that  will  enable  IBM  to  subcontract  work  on  an  SAP  outsourcing  deal  to  Indian 
workers.  So  far,  he’s  had  to  enlist  a  number  of  Raytheon  officials  for  help  in  designing  an  intricate 
knowledge  management  system  that  controls  what  the  Indian  workers  will  be  able  to  see.  He  is  also 
attempting  to  configure  a  secure  identification  setup. 


What  You  Need  to  Know  About  SOA  ByToddDatz  I  78 

WHAT’S  OLD  IS  NEW  AGAIN— a  concept  that’s  been  around  for  years  has  been  renamed 
service-oriented  architecture,  or  SOA.  Designed  as  a  collection  of  services  that  communicate  with 
each  other  on  a  network,  SOA’s  payoffs  are  compelling — increased  agility,  faster  and  cheaper  integra¬ 
tion,  the  leveraging  of  existing  IT  assets  and  a  focus  on  business  processes.  An  SOA  takes  legacy 
investments — SAP,  Siebel,  Oracle  and  the  like — and  lets  them  all  play  nicely  (and  more  cheaply) 
together.  And  if  it  sounds  like  Web  services,  you’re  partly  right.  Web  services  and  SOA  are  not 
mutually  exclusive — you  don’t  need  one  to  run  the  other — but  some  believe  that  building  an  SOA 
using  Web  services  is  the  ideal  approach.  However,  SOA  isn’t  cheap.  It  requires  significant  human 
capital,  including  business  analysts  to  lay  out  the  business  processes,  system  architects  to  turn 
processes  into  specifications,  software  engineers  to  develop  the  new  code  and  plenty  of  project 
managers.  Having  a  blueprint  for  your  SOA  is  critical. 


Essential  Technology:  Dawn  of  a  New  PC  By  John  Edwards  I  89 

AFTER  YEARS  OF  RELATIVELY  FLAT  SALES,  PC  makers  are  looking  at  new  technologies 
in  2004  to  lure  buyers  back  into  the  market.  With  processor  speeds  approaching  4GHz,  this  year’s 
desktops  will  be  the  fastest  ever.  New  drive  technology  such  as  Serial  Attached  SCSI  and  Serial  ATA 
enhance  onboard  storage.  PCI  Express  and  ExpressCard  peripherals  will  make  for  faster,  smaller  and 
easier  upgrades.  Fuel  cell-powered  notebooks  are  even  getting  ready  to  hit  store  shelves,  despite  concerns 
over  using  them  during  air  travel  and  having  to  train  consumers  to  “refuel”  their  PCs  instead  of  recharg¬ 
ing  them.  But  some  pundits  argue  that  PCs  can’t  do  enough  to  bring  back  their  glory  days.  They  point 
to  thin  computing  via  terminals  and  other  devices  that  will  supplant  significant  portions  of  PC  usage. 


100  CIO  JANUARY  15,  2004  •  www.cio.com 


Our  Customers 

Stay  Satisfied. 


For  the  second  straight  year,  J.D.  Power  and  Associates 
ranked  Lanier  #1  in  Customer  Satisfaction. 

Call  800-551-3087  or  visit  lanier.com  to  find  out  why  J.D.  Power  and  Associates  again 
ranked  Lanier  "#1  Black  and  White  Copier/Multifunction  Product  in  Customer  Satisfaction 
among  Business  Users",  this  year  in  a  tie.  You  can  also  request  a  DOCutivity® analysis  of 
your  company's  workflow.  Find  out  how  satisfying  document  management  can  be. 


A  RICOH  COMPANY 


J.D.  Power  and  Associates  2002-2003  Copier  Customer  Satisfaction  Studies.'  2003  Study  based  on  responses  from  2,963  small,  medium  and  large  business  users 
of  copiers  and  multifunction  products  in  the  first  1 8  months  of  ownership.  Multifunction  products  include  print,  copy,  scan  and/or  fax  functionality. 


The  right  management  can  put  you  in  control  of  your  infrastructure, 
not  the  other  way  around. 

Unicenter®  Infrastructure  Management  Software 

So  long,  mayhem.  Management  is  here.  Unicenter  infrastructure  management  software  gives  you  unparalleled 
control  of  your  IT  environment.  It  lets  your  infrastructure  react  to  changes  in  real  time,  so  your  IT  and  business 
priorities  are  always  in  sync.  Its  self-healing  capabilities  help  you  do  more  with  less  and  control  costs.  To  learn 
how  the  right  management  can  help  you  realize  on-demand  computing  with  your  existing  infrastructure,  or  to  get 
a  white  paper,  go  to  ca.com/infrastructure. 

Computer  Associates® 


©  2003  Computer  Associates  International,  Inc.  (CA).  Ail  rights  reserved. 


